SPS Belgium 2015 - High-trust Apps for On-Premises Development

•Download as PPTX, PDF•

0 likes•500 views

This document summarizes the high-trust app model for on-premises SharePoint development. It discusses the differences between low-trust and high-trust app authentication, how high-trust apps use certificates instead of OAuth, and the prerequisites and mechanism for high-trust app authentication. It also covers some gotchas, using other authentication methods, technology stacks, extending the TokenHelper code, and provides examples of high-trust app projects and information sources.

Technology

High-Trust App Model for On-Premises
Development
#SPSBE06
Edin Kapić
April 18th, 2015

PlatinumGoldSilver
Thanks to our sponsors!

http://www.spsevents.org/city/Barcelona/Barcelona2015/
SharePoint, sun and beach (Sept 26th)

Agenda
 SharePoint app model review
 High-trust apps mechanism
 DEMO
 Advanced scenarios

SharePoint “cloud apps model”
 SharePoint-hosted
apps
 Provider-hosted apps
(remote apps)

Provider-hosted apps
 The code runs in a separate server
 Uses REST/CSOM API to call
SharePoint
 Uses OAuth for authorization

App authentication
 Apps are now first class security
principals
 They have their own identity and
permissions
 App authentication only happens
on REST/CSOM endpoints

App authentication methods
 OAuth
 Brokered by Access Control Service (ACS)
• Server-to-server
 Using SSL certificates

High-trust app prerequisites
 SSL certificate
 Configure Trusted Root Authority
 Configure Trusted Token Issuer
 Secure Token Service
 User profiles

High-trust mechanism
 App has x.509 certificate with public/private key pair
 Private key used to sign certain aspects in access token
 Public key registered with SharePoint farm
 This creates a trusted security token issuer
 App creates access token to call into SharePoint
 App creates access token with a specific client ID and signs it with private key
 Trusted security token issuer validates signature
 SharePoint establishes app identity
 App identity maps to a specific client ID
 You can have many client IDs associated with a single x.509 certificate
Ted Pattison SPC12 talk

Gotchas
 Provider-hosted app authentication (Windows,
SAML, fixed…)
 SharePoint host web application mode (Claims,
Classic-Windows) can cause auth failures
 TokenHelper uses Active Directory SID as the
identifier
 App-only tokens are not supported by all API areas

Using other authentication methods
 TokenHelper uses WindowsIdentity under the covers
 Custom code for SAML Federated Authentication
contributed by Wictor Wilén (http://bit.ly/1aFponK)
 FBA is also supported

Using other technology stacks
 Overview of options by Kirk
Evans http://bit.ly/1jK3Evh
 Java, PHP, Node.js
 JWT token creation
 Token signing with X.509
certificate

Extending the TokenHelper code
 TokenHelper is just code, you can edit and extend it
 Retrieving app parameters from a database
 Caching access tokens
 Creating custom user identity
 Extending token lifetime
 Retrieving certificates from a repository

My recent project
 3 provider-hosted apps (2 MVC, 1 Lightswitch)
 SharePoint 2013 back-end platform
 2 types of users
 Windows
 Online Banking

High-trust apps in SharePoint 2013
 Alternative for on-premises app
development
 Cloud-ready code
 More flexible than the low-trust
apps

Useful information sources about HTA
 Kirk Evans
http://blogs.msdn.com/b/kaevans/
 Steve Peschka
http://blogs.technet.com/b/speschka/
 Wictor Wilén
http://www.wictorwilen.se

Thank you!
Dank jullie wel!
Merci beaucoup!
Vielen dank!

SPS Belgium 2015 - High-trust Apps for On-Premises Development

What's hot

Creating a Sign On with Open id connect

Derek Binkley

OAuth in SharePoint 2013

Dinusha Kumarasiri

Microsoft identity manoj mittal

Manoj Mittal

How will SharePoint 2010 allow organizations to collaborate and share knowledge with clients and partners? SharePoint empowers organization to build extranet sites and partner portals inexpensively and securely. Learn what exactly is claims based authentication and how can to use it. Learn about the new multi-authentication mode in SharePoint 2010. Learn how SharePoint 2010 can help your organization open its doors to its clients and partners securely.

SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...

Brian Culver

How to deploy SharePoint 2010 to external users?

rlsoft

Presentation

Laxman Kumar

Building an SSO platform in php (Zendcon 2010)

Ivo Jansch

Entreprises are deploying more applications to workers phones and tablets. These applications are currently all using separate authentications to establish user identity and authorization. This session will look at how the Native Application profile of OpenID Connect creates a local token broker on the device to centralize authentication for multiple enterprise and SaaS applications on a device. This can be used to increase security by enabling additional authentication factors and a enhanced view of device posture, as well as increasing usability, bu reducing the number of unnecessary authentications that interrupt the users work flow every day.

CIS 2015 Extreme OpenID Connect - John Bradley

CloudIDSummit

Open Id, O Auth And Webservices

Myles Eftos

European SharePoint Conference 2014 in Barcelona. Presentation Description: In this session we look at modern forms of authentication . We’ll cover Windows Server Active Directory Federation Services (ADFS) concepts and look at federation with SharePoint. There are a number of difficulties that you’ll need to overcome implementing SAML claims with SP, for example people picker, user profile import, problematic use of some SharePoint apps. We’ll also cover the infrastructure side like making it work with host named site collections, reverse proxy servers and other user directories. Moving to the cloud we’ll look at the authentication architecture of the standards employed; like OAUTH, WS-* and OpenID Connect. Presentation Benefit Get a better understanding of Windows Server Active Directory Federation Services (ADFS) concepts and SAML claims connection with SharePoint. You will learn... Understand authentication architecture and standards employed. ADFS concepts How to implement SAML claims

T28 implementing adfs and hybrid share point

Thorbjørn Værp

Saml vs Oauth : Which one should I use?

Anil Saldanha

Introduction to Azure AD and Azure AD B2C

Joonas Westlin

This session will teach you everything that you need to know in order to understand SharePoint Apps, authentication and authorization. Learn about the different type of Apps, the underlying Apps architecture and how to configure an on-premises environment to support Apps. Also you will learn about the different authentications options available for integrating apps, devices, and applications for on-prem scenarios, in the cloud and hybrid.

Understanding SharePoint Apps, authentication and authorization infrastructur...

SPC Adriatics

Claims Based Identity In Share Point 2010

Steve Sofian

WSO2 Identity Server - Getting Started

Ismaeel Enjreny

AD FS Workshop | Part 2 | Deep Dive

Granikos GmbH & Co. KG

Intelligent Cloud Conference: Azure AD B2C Application security made easy

Sjoukje Zaal

SharePoint 2013 APIs demystified

SPC Adriatics

Box connector

Thang Loi

Application Security- App security

Eng Teong Cheah

What's hot (20)

Creating a Sign On with Open id connect

OAuth in SharePoint 2013

Microsoft identity manoj mittal

SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...

How to deploy SharePoint 2010 to external users?

Presentation

Building an SSO platform in php (Zendcon 2010)

CIS 2015 Extreme OpenID Connect - John Bradley

Open Id, O Auth And Webservices

T28 implementing adfs and hybrid share point

Saml vs Oauth : Which one should I use?

Introduction to Azure AD and Azure AD B2C

Understanding SharePoint Apps, authentication and authorization infrastructur...

Claims Based Identity In Share Point 2010

WSO2 Identity Server - Getting Started

AD FS Workshop | Part 2 | Deep Dive

Intelligent Cloud Conference: Azure AD B2C Application security made easy

SharePoint 2013 APIs demystified

Box connector

Application Security- App security

Viewers also liked

SharePoint allows extensibility in many ways for the developers to add functionality by writing custom components such as web parts, timer jobs, event receivers and so on. The unfortunate side effect is that often it explodes into a unmanageable mess. In this session you will learn how to design and write those components with the maintainability in mind. You will see how to properly separate the code that deals with different responsibilities, how to unit test your code, how to add a service layer to your SharePoint customization and how to properly manage the branches and concurrent development.

SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...

Edin Kapic

Avances y Desarrollo del Servicio Geológico Minero Argentino en Cartografía D...

Carlos Gabriel Asato

Universidad de La Habana - SharePoint, Listas y XSLT

Edin Kapic

Impacto del Modelo Conceptual de Sistema, en la Gestión y Gobernanza de los...

Carlos Gabriel Asato

Personal Branding for Developers

Edin Kapic

Rx la joya oculta de Net

Edin Kapic

Viewers also liked (6)

SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...

Avances y Desarrollo del Servicio Geológico Minero Argentino en Cartografía D...

Universidad de La Habana - SharePoint, Listas y XSLT

Impacto del Modelo Conceptual de Sistema, en la Gestión y Gobernanza de los...

Personal Branding for Developers

Rx la joya oculta de Net

Similar to SPS Belgium 2015 - High-trust Apps for On-Premises Development

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

Claims-Based Identity in SharePoint 2010

Danny Jessee

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

SharePoint 2010,Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

CTU June 2011 - Windows Azure App Fabric

Spiffy

Securing SharePoint Apps with OAuth

Kashif Imran

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

DD109 Claims Based AuthN in SharePoint 2010

Spencer Harbar

OAuth - Don’t Throw the Baby Out with the Bathwater

Apigee | Google Cloud

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...

Brian Campbell

Cartes Asia Dem 2010 V2

Donald Malloy

ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS

AWS User Group Kochi

Api security

teodorcotruta

How will SharePoint 2013 allow organizations to collaborate and share knowledge with clients and partners? SharePoint empowers organization to build extranet sites and partner portals inexpensively and securely. Learn about the Product Catalog site template and how you can to use it. Learn about the new improvements in SharePoint 2013 regarding extranets. Learn how SharePoint 2013 can help your organization open its doors to its clients and partners securely.

SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...

Brian Culver

Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...

Amazon Web Services

Deep Dive on Amazon Cognito - DevDay Los Angeles 2017

Amazon Web Services

The new SharePoint 2013 App model extends native SharePoint applications into the cloud, allowing developers to write applications that interact with SharePoint data remotely. With these new capabilities come additional challenges for managing security and user authorization via OAuth. Administrators, IT professionals, and developers should attend this session to familiarize themselves with the core concepts behind OAuth in SharePoint 2013, learn how best to configure and manage OAuth in their environment, and discover how OAuth is used in the SharePoint app model.

Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.

Eric Shupps

Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...

Amazon Web Services

Learning Objectives: -Understand user identity and federation principles and practices -Learn how Amazon Cognito supports SAML and 3rd party IdP integration -Demonstrate how to use Amazon Cognito’s built-in UI for user identity management. App developers need a system to manage the identities of their users for sign-up, sign-in, and access control. Amazon Cognito now provides a public beta of built-in UI for developers to add user sign-up and sign-in pages to their application and customize the looks and feel of those pages simply through the Amazon Cognito console. Also in the public beta, Amazon Cognito now provides support for SAML based federation of user identities for integration with enterprise based directory systems and simplified support for 3rd party Identity Providers (IdP) such as Facebook and Google. This tech talk will provide a brief overview of Amazon Cognito and then discuss the details of the new features and capabilities of the public beta.

Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...

Amazon Web Services

Similar to SPS Belgium 2015 - High-trust Apps for On-Premises Development (20)

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Claims-Based Identity in SharePoint 2010

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Claims-Based Identity, Facebook, and the Cloud

SharePoint 2010,Claims-Based Identity, Facebook, and the Cloud

CTU June 2011 - Windows Azure App Fabric

Securing SharePoint Apps with OAuth

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

DD109 Claims Based AuthN in SharePoint 2010

OAuth - Don’t Throw the Baby Out with the Bathwater

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...

Cartes Asia Dem 2010 V2

ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS

Api security

SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...

Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...

Deep Dive on Amazon Cognito - DevDay Los Angeles 2017

Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.

Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...

Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...

More from Edin Kapic

ESPC14 Social Business Value Demystified

Edin Kapic

Maintainable Testable SharePoint Components SPSBE 2014

Edin Kapic

MVP Open Day 2014 - Hacking Human Behaviour

Edin Kapic

Learn best practices and patterns to build your next super-scalable SharePoint 2013 App. You will see how to pair the power of the browser and the cloud to build a SharePoint app that runs like a cheetah. We will go in depth on how the modern SharePoint 2013 app is built on Windows Azure, demo and learn how to manage the different mechanisms for scaling that are available to us, such as non-relational databases, cache, asynchronous API calls and queuing. You will take away code samples and guidance that will enable you to scale you next SharePoint 2013 app.

SPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 App

Edin Kapic

My slides from SharePoint Summit Vancouver 2013 talk. Learn best practices and patterns to build your next superscalable SharePoint 2013 App. You will see how to pair the power of the browser and the cloud to build a SharePoint app that runs like a cheetah. We will go in depth on how the modern SharePoint 2013 app is build on Windows Azure, demo and learn how to manage the different mechanisms for scaling that are available to us, such as non-relational databases, cache, asynchronous API calls and queuing. You will take away code samples and guidance that will enable you to scale you next SharePoint 2013 app.

7 Key Things for Building a Highly-Scalable SharePoint 2013 App

Edin Kapic

My slides from SharePoint Summit Vancouver 2013 talk. The core message of SharePoint 2013 is that social computing is here to stay. However, organizations keep facing conflicting messages on how to align business value and social technologies. In this session you will learn how to connect business value and social features of SharePoint in order to support the organizational activities, how to organize communities of knowledge and how to integrate search and metadata into your overall social enterprise strategy. Learn from the real-world social experiences with SharePoint and avoid the common mistakes in your organization social strategy.

Social Business Value Demystified: Real-World Experiences

Edin Kapic

The User Experience (UX) and design work are usually done by skilled professionals or by the developers themselves. The first option is almost always satisfactory but it puts the bottleneck on the designer and it is usually done hiring a designer, adding to your project costs. The second option is cheaper and immediate but, sincerely, most of the design done by developers is "less then stellar" (in kind words). However, you don't have to pursue a designer carreer to successfully make a design for your next project. By applying time-proven knowledge and reusing great designs, you can have the best of both worlds. Your design won't play in Champions League (some things are best done by professionals) but it will surely be more than a match for your needs. Learn the basic design concepts, essentials and recipes, without the boring stuff. Your next project will be glad you did. BONUS: Get HubSpot scrapbook of brilliant homepage designs! http://bit.ly/1hrvhad

BcnDevCon13 - No Designer? No Problem!

Edin Kapic

BcnDevCon12 - Una vuelta por Orchard CMS

Edin Kapic

BcnDevCon12 - CQRS explicado a mi compañero arquitecto

Edin Kapic

Modelos de madurez de SharePoint

Edin Kapic

SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)

Edin Kapic

SUG.CAT First Monday Noviembre 2012

Edin Kapic

JavaScript per a desenvolupadors de C#

Edin Kapic

CatDotNet - Farmville para SharePoint

Edin Kapic

SharePoint kao razvojna platforma za ASP.NET developere

Edin Kapic

More from Edin Kapic (15)

ESPC14 Social Business Value Demystified

Maintainable Testable SharePoint Components SPSBE 2014

MVP Open Day 2014 - Hacking Human Behaviour

SPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 App

7 Key Things for Building a Highly-Scalable SharePoint 2013 App

Social Business Value Demystified: Real-World Experiences

BcnDevCon13 - No Designer? No Problem!

BcnDevCon12 - Una vuelta por Orchard CMS

BcnDevCon12 - CQRS explicado a mi compañero arquitecto

Modelos de madurez de SharePoint

SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)

SUG.CAT First Monday Noviembre 2012

JavaScript per a desenvolupadors de C#

CatDotNet - Farmville para SharePoint

SharePoint kao razvojna platforma za ASP.NET developere

Recently uploaded

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

Evaluating the top large language models.pdf

ChristopherTHyatt

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Recently uploaded (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Strategies for Landing an Oracle DBA Job as a Fresher

2024: Domino Containers - The Next Step. News from the Domino Container commu...

How to Troubleshoot Apps for the Modern Connected Worker

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Evaluating the top large language models.pdf

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

presentation ICT roal in 21st century education

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Driving Behavioral Change for Information Management through Data-Driven Gree...

A Domino Admins Adventures (Engage 2024)

Presentation on how to chat with PDF using ChatGPT code interpreter

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Axa Assurance Maroc - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

Tech Trends Report 2024 Future Today Institute.pdf

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Exploring the Future Potential of AI-Enabled Smartphone Processors

[2024]Digital Global Overview Report 2024 Meltwater.pdf

SPS Belgium 2015 - High-trust Apps for On-Premises Development

1. High-Trust App Model for On-Premises Development #SPSBE06 Edin Kapić April 18th, 2015

2. PlatinumGoldSilver Thanks to our sponsors!

3. About me edinkapic @ekapic

4. http://www.spsevents.org/city/Barcelona/Barcelona2015/ SharePoint, sun and beach (Sept 26th)

6. Agenda  SharePoint app model review  High-trust apps mechanism  DEMO  Advanced scenarios

7. SharePoint “cloud apps model”  SharePoint-hosted apps  Provider-hosted apps (remote apps)

8. Provider-hosted apps  The code runs in a separate server  Uses REST/CSOM API to call SharePoint  Uses OAuth for authorization

9. App authentication  Apps are now first class security principals  They have their own identity and permissions  App authentication only happens on REST/CSOM endpoints

10. App authentication methods  OAuth  Brokered by Access Control Service (ACS) • Server-to-server  Using SSL certificates

11. Low-trust app authentication

12. High-trust app authentication

13.

14.

15. High-trust app prerequisites  SSL certificate  Configure Trusted Root Authority  Configure Trusted Token Issuer  Secure Token Service  User profiles

16. High-trust mechanism  App has x.509 certificate with public/private key pair  Private key used to sign certain aspects in access token  Public key registered with SharePoint farm  This creates a trusted security token issuer  App creates access token to call into SharePoint  App creates access token with a specific client ID and signs it with private key  Trusted security token issuer validates signature  SharePoint establishes app identity  App identity maps to a specific client ID  You can have many client IDs associated with a single x.509 certificate Ted Pattison SPC12 talk

17.

18. Gotchas  Provider-hosted app authentication (Windows, SAML, fixed…)  SharePoint host web application mode (Claims, Classic-Windows) can cause auth failures  TokenHelper uses Active Directory SID as the identifier  App-only tokens are not supported by all API areas

19.

20. Using other authentication methods  TokenHelper uses WindowsIdentity under the covers  Custom code for SAML Federated Authentication contributed by Wictor Wilén (http://bit.ly/1aFponK)  FBA is also supported

21. Using other technology stacks  Overview of options by Kirk Evans http://bit.ly/1jK3Evh  Java, PHP, Node.js  JWT token creation  Token signing with X.509 certificate

22. Extending the TokenHelper code  TokenHelper is just code, you can edit and extend it  Retrieving app parameters from a database  Caching access tokens  Creating custom user identity  Extending token lifetime  Retrieving certificates from a repository

23. My recent project  3 provider-hosted apps (2 MVC, 1 Lightswitch)  SharePoint 2013 back-end platform  2 types of users  Windows  Online Banking

24.

25. High-trust apps in SharePoint 2013  Alternative for on-premises app development  Cloud-ready code  More flexible than the low-trust apps

26. Useful information sources about HTA  Kirk Evans http://blogs.msdn.com/b/kaevans/  Steve Peschka http://blogs.technet.com/b/speschka/  Wictor Wilén http://www.wictorwilen.se

27. Thank you! Dank jullie wel! Merci beaucoup! Vielen dank!

Editor's Notes

Template may not be modified Twitter hashtag: #spsbe for all sessions

SPS Belgium 2015 - High-trust Apps for On-Premises Development

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (6)

Similar to SPS Belgium 2015 - High-trust Apps for On-Premises Development

Similar to SPS Belgium 2015 - High-trust Apps for On-Premises Development (20)

More from Edin Kapic

More from Edin Kapic (15)

Recently uploaded

Recently uploaded (20)

SPS Belgium 2015 - High-trust Apps for On-Premises Development

Editor's Notes