3. Modernizing SharePoint Development
MS DOS Application Model → Modern Application Model

| | No Isolation | Process Isolation | App Isolation |
|---|---|---|---|
| Examples | MS DOS, Windows 3.1, Windows 95, Mac OS 9 | Windows NT, Windows 7, Mac OS X | Windows Phone 8, Android, iOS |
| Validated API protects OS | | Yes | Yes |
| Process memory protection | | Yes | Yes |
| App storage isolation | | | Yes |
| Permission Scheme | None | User-based | App-based |
| | | SharePoint farm Solution | SharePoint App |
5. Modernizing SharePoint Development
MS DOS Application Model → Modern Application Model
WebForms → MVC
Comparison table: ASP Pages, WebForms, MVC
Criteria: Control over HTML, Control over URLs, Drag and Drop Dev’t, Ease of Code Reuse, Ease of Testing, Replaceable Components
Legend: Strong Offering; Weak / No Offering
8. Modernizing SharePoint Development
MS DOS Application Model → Modern Application Model
WebForms → MVC
XSLT → JavaScript
SOAP → REST
On-Premises → On-Premises or Cloud
9. Modernizing SharePoint Development
MS DOS Application Model → Modern Application Model
WebForms → MVC
XSLT → JavaScript
SOAP → REST
On-Premises → On-Premises or Cloud
CAML → LINQ (and CAML*)
* You can’t get rid of it …
10. Choosing an Approach
SharePoint Solutions
• Backward compatibility with existing solutions
• Leverages SharePoint development skills
• Full access to server OM – you can do nearly anything
• Elevate privileges and be omnipotent!
• Hosting Challenges
  • Farm solutions – often not welcome
  • Sandboxed solutions – limited, now deprecated
SharePoint Apps
• App code is reusable in SharePoint and Office
• Leverages general web development skills
• Better isolation – no more leftover web parts and lists
• Run under App identity – safer way to elevate
• Hosting Challenges
  • SharePoint Hosted Apps are limited
  • Where to host provider hosted apps?
13. In reality, SharePoint Hosted and Provider Hosted are techniques that are often combined
Diagram: App (IIS, Azure, or any web server), Host Web, App Web
14. Browser Based Isolation
Host Web: http://myserver/sites/myweb/
App Web (optional): http://app12345/sites/myweb/
App (Azure or other provider): http://whatevs.com/somepath/
Different domain names leverage browsers’ same-origin policy for isolation
15. demo
Image Rotator
SharePoint Hosted App
Concepts Shown:
- Use of RESTful services
- Accessing the host web with the Cross-Domain Library
- App part settings
17. Representational State Transfer (REST)
• Operations map to HTTP verbs
  • Retrieve items/lists: GET
  • Create new item: POST
  • Update an item: PUT or MERGE
  • Delete an item: DELETE
• These apply to links (lookups) as well
• SharePoint rules apply during updates
  • Validation, access control, etc.
18. URL Conventions
Addressing lists and items
List of lists: /_api/web/lists
List: /_api/web/lists('guid')
List: /_api/web/lists/getbytitle('Title')
Items: /_api/web/lists/getbytitle('listname')/items
Item: /_api/web/lists/getbytitle('listname')/items(1)
Single column: /_api/web/lists/getbytitle('listname')/items(1)/fields/getByTitle('Description')
Presentation options
Sorting: ?$orderby=Fullname
Filtering: ?$filter=JobTitle eq 'SDE'
Projection: ?$select=Fullname,JobTitle
Paging: ?$top=10&$skip=30
Inline expansion: ?$expand=Project
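The verb mapping and URL conventions from slides 17 and 18, as an added example that is not part of the original deck: a JavaScript request builder that escapes list titles and filter values before they are placed in the URL. The site URL, list titles and field names passed to it are constructed sample values, and restricting field names to plain identifiers is an assumption of this example.

```javascript
// Added example, not code from the original deck. Site URLs, list titles and
// field names used with these functions are constructed sample values.
const VERBS = new Map([["retrieve", "GET"], ["create", "POST"],
  ["update", "MERGE"], ["remove", "DELETE"]]);
const FIELD = /^[A-Za-z_][A-Za-z0-9_]*$/; // assumption: plain field names only

// OData string literal: double embedded single quotes, then percent-encode so
// characters such as ? # & / cannot start a new URL component.
function odataString(value) {
  return "'" + encodeURIComponent(String(value).replace(/'/g, "''")) + "'";
}

// Reject anything that is not a plain field name before joining with commas.
function fieldList(names) {
  for (const n of names) {
    if (!FIELD.test(n)) throw new Error("invalid field name: " + n);
  }
  return names.join(",");
}

function nonNegInt(n) {
  if (!Number.isInteger(n) || n < 0) throw new Error("invalid number: " + n);
  return String(n);
}

// Builds /_api/web/lists/getbytitle('<list>')/items[(id)] plus query options.
function itemsUrl(siteUrl, listTitle, opts = {}) {
  let url = siteUrl.replace(/\/+$/, "") +
    "/_api/web/lists/getbytitle(" + odataString(listTitle) + ")/items";
  if (opts.id !== undefined) url += "(" + nonNegInt(opts.id) + ")";
  const q = [];
  if (opts.select) q.push("$select=" + fieldList(opts.select));
  if (opts.orderby) q.push("$orderby=" + fieldList([opts.orderby]));
  if (opts.expand) q.push("$expand=" + fieldList(opts.expand));
  if (opts.filter) {
    q.push("$filter=" + fieldList([opts.filter.field]) + "%20eq%20" +
      odataString(opts.filter.value));
  }
  if (opts.top !== undefined) q.push("$top=" + nonNegInt(opts.top));
  if (opts.skip !== undefined) q.push("$skip=" + nonNegInt(opts.skip));
  return q.length ? url + "?" + q.join("&") : url;
}

// Pairs an operation name with the HTTP verb from the slide's mapping.
function request(op, siteUrl, listTitle, opts) {
  const method = VERBS.get(op);
  if (!method) throw new Error("unknown operation: " + op);
  return { method, url: itemsUrl(siteUrl, listTitle, opts) };
}
```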
20. What’s New in CSOM
• Sharing
• Workflow
• E-Discovery
• IRM
• Analytics
• Exchange 2013
• User Profiles
• Search
• Taxonomy
• Feeds
• Publishing
• Business Connectivity Services
Much more than simple site and list access!
22. App Authentication
Internal
• User accesses SharePoint JSOM or REST APIs using inherent SharePoint security already in place
• Used by JavaScript on web pages in App web or using Cross-domain library
• Only runs as User – no App identity
External (OAuth)
• Standard authorization protocol used in many public web sites (Facebook, Twitter, Live, Google, etc.) – “Valet Key” to access information
• Requires external authentication server (e.g. Azure ACS)
• Office 365 Auto-Hosted Apps automatically set up for OAuth
External (S2S)
• SharePoint server is configured to trust an external server to authenticate users (Server to Server)
• No external authentication server – great for on-premises scenarios
• Uses SSL Certs for simplicity – App code needs access to SSL Private Key
23. OAuth – Open Authorization
• Standard in use by dozens of public sites
• Similar to a valet key
  • App gives to a partly trusted 3rd party
  • Grants limited access
• SharePoint grants the app access on the user’s behalf
  • No need to pass the user’s credentials
  • SharePoint can limit the scope of access
25. Resources
SharePoint 2013 Development
• Host webs, Web apps, and SharePoint Components: http://bit.ly/R3tUiO
• Data Access Options for Apps in SharePoint 2013: http://bit.ly/Peeof9
• OAuth and SharePoint 2013: http://bit.ly/Ny1jNd
• SharePoint 2013 Workflows: http://bit.ly/PEJCze
• Programming using the SharePoint 2013 REST service: http://bit.ly/LR66Ju
• Programming using the SP 2013 CSOM (JavaScript): http://bit.ly/OJUARG
Contact
• Bob German - @Bob1German
http://msdn.microsoft.com/BobGerman
Bobg@bluemetal.com