The 7 Things I Know About Cyber Security After 25 Years | April 2024
Â
From Solutions to Apps - Moving to SP2013
1. From Solutions to Apps
Moving to SharePoint 2013
Bob German
Derek Cash-Peterson
BlueMetal Architects
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
2. Agenda
⢠Apps Model Overview
⢠App Access to SharePoint
â RESTful Access
â Client Side Object Model (CSOM)
â Cross-domain Access
â OAuth Access
⢠Other Topics
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
3. Apps 101
Host
Web REST or
Client OM
Link or
IFrame
App
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
4. App Hosting Options
Host Host
Web Web
App App Web
(optional)
Web
App Azure
or other provider
SharePoint Provider or
Hosted App Auto-Hosted App
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
5. App Hosting Options
App Web Provider or Azure
⢠Provisioned by SharePoint ⢠Auto-hosted apps are
on app installation provisioned by Office 365
⢠No Server Code â period on app installation
(though you can leverage ⢠Pretty much
installed ASP.NET controls) Host
anything goes Web
⢠May contain
declarative, web-scoped ⢠Access host
web via Oauth App
features (lists, site Web
pages, client
script, images, css)
App
⢠Access host web via cross-
domain library @Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
6. App Isolation
Host
http://myserver/sites/myweb/
Web
App Web http://app12345/sites/myweb/
(optional)
http://whatevs.com/somepath/
App Azure
or other provider
Different domain names leverage
browsersâ same-origin policy
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
7. Isolated Application shows:
- Client Side Object Model
- Declarative features in App Site
- Simple Client Web Part (âApp Partâ)
Chord Calculator
DEMONSTRATION
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
9. Choosing an App Model
2010 Model 2013 Apps
⢠Reuse and backward ⢠App code is reusable in
compatibility with existing SharePoint and Office
solutions ⢠Better isolation â no more
⢠Full access to server OM leftover web parts and lists
â Nearly complete access to ⢠App-level AuthN from Azure
everything in SharePoint or other provider
â Well documented â ⢠No dependency on User
MSDN, many Code Service
books, blogs, etc. ⢠Leverages general web
⢠Leverages SharePoint development skills
development skills
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
10. Choosing an Access Method
REST CSOM
⢠Synchronous or ⢠Asynchronous only in
asynchronous in Javascript Javascript
⢠Returns entities (e.g. ⢠Returns SharePoint objects
Contact, Task) (e.g. List, ListItem)
⢠Easier access from jQueryâ ⢠Easier access from .NET
no dependency on SP.JS server side
⢠Batched requests
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
11. Choosing a Hosting Model
SharePoint Hosted Provider / Azure Hosted
⢠No server side code, period ⢠Server-side code
⢠Access to OOB SharePoint ⢠Server is not subject to
web controls on the page cross-domain policy
⢠Able to store content on ⢠More flexible data storage
customerâs SP infrastructure (SQL Azure, etc.)
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
12. Accessing Data with Client OM
OData
(REST)
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
13. Whatâs New in CSOM
So much more than simple site and list access!
⢠User Profiles ⢠Sharing
⢠Search ⢠Workflow
⢠Taxonomy ⢠E-Discovery
⢠Feeds ⢠IRM
⢠Publishing ⢠Analytics
⢠Business Connectivity
Services
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
15. Representational State Transfer (REST)
JSON ATOM JSON ATOM
WPF/WinForm/Office
Silverlight
JavaScript
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
16. Representational State Transfer (REST)
⢠Operations map to HTTP verbs
â Retrieve items/lists ď GET
â Create new item ď POST
â Update an item ď PUT or MERGE
â Delete an item ď DELETE
â These apply to links (lookups) as well
⢠SharePoint rules apply during updates
â Validation, access control, etc.
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
17. URL Conventions
⢠Addressing lists and items
List of lists /_api/web/lists
List /_api/web/lists(âguidâ)
List /_api/web/lists/getbytitle(âTitleâ)
Items /_api/web/lists/getbytitle('listname')/items
Item /_api/web/lists/getbytitle('listname')/items(1)
Single column /_api/web/lists/getbytitle('listname')/items(1)/fields/getByTitle
('Description')
Sorting ?$orderby=Fullname
Filtering $filter=JobTitle eq 'SDE'
Projection ?$select=Fullname,JobTitle
Paging ?$top=10&$skip=30
@Bob1German ⢠bobg@bluemetal.com
Inline expansion ?$expand=Project
@SPDCP ⢠derekcp@bluemetal.com
19. Open Authentication
⢠Standard in use by dozens of public
sites
⢠Similar to a valet key
â App gives to a partly
trusted 3rd party
â Grants limited access
⢠SharePoint grants the
app access on the
userâs behalf
â No need to pass the
userâs credentials
â SharePoint can limit the
scope of access
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
21. Remote Event Receivers
⢠Require a provider or Azure-hosted app
⢠Uses Access Control Services (ACS) token
â Passed from SharePoint to remote web service
â Web service can request a token to send back to SharePoint
⢠SharePoint calls a web service with the following methods:
â ProcessEvent() â Synchronous
â ProcessOneWayEvent() â Asynchronous
⢠List, ListItem, Web, and App level scopes
⢠App Events â call AppEventReceiver.svc
â App Installed
â App Uninstalling
â App Upgraded
⢠Caveats:
â No guaranteed delivery
â Watch latency and performance on synchronous events
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
23. Resources
SharePoint 2013 Development
⢠Host webs, Web apps, and SharePoint Components: http://bit.ly/R3tUiO
⢠Data Access Options for Apps in SharePoint 2013: http://bit.ly/Peeof9
⢠OAuth and SharePoint 2013: http://bit.ly/Ny1jNd
⢠SharePoint 2013 Workflows: http://bit.ly/PEJCze
⢠Programming using the SharePoint 2013 REST service: http://bit.ly/LR66Ju
⢠Programming using the SP 2013 CSOM (JavaScript): http://bit.ly/OJUARG
Contact Us
⢠Bob German - @Bob1German
http://msdn.microsoft.com/BobGerman
Bobg@bluemetal.com
⢠Derek Cash Peterson - @SPDCP
http://spdcp.com
Derekcp@bluemetal.com
@Bob1German ⢠bobg@bluemetal.com
@SPDCP ⢠derekcp@bluemetal.com
24. was made possible by the generous
support of the following sponsorsâŚ
@Bob1German ⢠bobg@bluemetal.com
Thank you!
And by@SPDCP ⢠derekcp@bluemetal.com
your participationâŚ