This slide deck was presented at Microsoft TechNet Day 2012, organized in Bosnia and Herzegovina. The main goal of this presentation is to introduce the new SharePoint Apps to end users, developers and administrators.
2. about me
• Dragan Panjkov
• Working with SharePoint since 2007
• www.dragan-panjkov.com
• www.twitter.com/panjkov
• BAM Converter – available on Marketplace and CodePlex
• PlanB. d.o.o.
• www.planb.ba
• SharePoint user group
• www.1sug.com
5. introducing apps
• In SharePoint 2013 everything is an app …
• In the strict sense: “Apps are self-contained pieces of functionality that extend the capabilities of a SharePoint site.”
6. why apps
• Isolated (safe!)
• Multi-tenant
• Multiple development possibilities (even non-MS stack)
• Easier to deploy (no SharePointisms by deployment)
• Easier to maintain (lifecycle – versioning, upgrades)
• Manageable (Office Store, Corporate Catalog)
• Cloud ready!
7. get app to site collection
• All site content provides functionality to add apps
• Both Office Store and corporate catalog visible from single place
• Users can add Apps to be available
• Apps can request permissions, depending on implementation
10. what is an app?
• Web application registered with SharePoint, configured using XML (app.manifest)
<?xml version="1.0" encoding="utf-8" ?>
<!--Created:cb85b80c-f585-40ff-8bfc-12ff4d0e34a9-->
<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SharePointAppSPCADemo"
     ProductID="{9b33c5b6-bc7c-4905-8b02-e2e24f404fea}"
     Version="1.0.0.0"
     SharePointMinVersion="15.0.0.0">
  <Properties>
    <Title>SharePointApp SPCA Demo</Title>
    <StartPage>~appWebUrl/Pages/Default.aspx?{StandardTokens}</StartPage>
  </Properties>
  <AppPrincipal>
    <Internal />
  </AppPrincipal>
  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
  </AppPermissionRequests>
</App>
11. sp app design - a choice of three approaches
Cloud-based Apps
• Get remote events from SharePoint
• Use CSOM/REST + OAuth to work with SP
Developer-Hosted App
• “Bring your own server hosting infrastructure”
• Developers will need to isolate tenants
Azure Auto-Provisioned App
• Windows Azure + SQL Azure provisioned invisibly as apps are installed
SharePoint-hosted App
• Provision an isolated sub web on a parent web
• Reuse web elements (lists, files, out-of-box web parts)
• No server code allowed; use client JavaScript for logic, UX
[Diagram labels: SharePoint Web, Your Hosted Site; SharePoint Web, Azure (from WebDeploy, DacPac); Parent Web, App Web (from WSP)]
12. when to use cloud-hosted apps?
Cloud Hosted Apps
• Preferred hosting model for almost all types of apps
• Full power of web – choose your infrastructure & technology
• May require your own hosting
• May require your own handling of multitenancy & permission management
SharePoint Hosted Apps
• Good for smaller apps & resource storage
• SharePoint-based; no server-side code
• Automatically hosted in SharePoint
• Inherent multitenancy & isolation
13. technology comparison
Aspect | SharePoint Hosted | Cloud Hosted
App Scope | SharePoint Site | Site or Tenancy
Architecture | Web Site | Multi-Tenant App
Developer Skillset | SharePoint + HTML/JS | Full Stack
UI Technologies | SharePoint + HTML/JS | Any Web Stack
Server Code | None | Any
Storage | Lists and Doc Libs | Any
Key Limitations | No Server Code | Hosting Expertise Required
15. use cases for autohosted apps
• Team apps
• Resource tracking
• Team processes
• Event receivers
• Individual productivity
• Document assembly, etc.
16. user experience integration
• Full page: implement complete app experiences to satisfy business scenarios
• Parts: create app parts that can interact with the SharePoint experience
• UI Command extensions: add new commands to the ribbon and item menus
19. app identity
• Challenge with SPS2010
• Farm solutions – too many privileges – risk of RunWithElevatedPrivileges
• Sandbox solutions – no RunWithElevatedPrivileges – always under user context
• In SharePoint 2013 apps have their own identity and specific permissions
• Installing user either grants or denies permissions to host web
• Permission is explicitly given for a specific scope
• App identity is passed around using OAuth tokens
20. app permissions
• Default rights : Read, Write, Manage and Full Control
• Not possible to customize
• Apps are granted permissions to a scope and all children of the scope
• Defined in declarative XML
21. app scopes
• SPSite – site collection
• SPWeb – site
• SPList
• Tenancy
• Other scopes (and rights) for performing search queries, accessing taxonomy data, user profiles, etc.
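The permission model from slides 10 and 19 to 21, as an added example that is not part of the original deck: a small reviewer's script that reads the permission requests from an app manifest, works out which child scopes each grant reaches, and classifies it. The function names, the "broad" threshold (tenant-wide, or Manage and above) and the third request in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/sharepoint/2012/app/manifest"}
BASE = "http://sharepoint/content/"
# Content scopes, broadest first; a grant applies to its level and all below it.
LEVELS = ["tenant", "sitecollection", "sitecollection/web",
          "sitecollection/web/list"]
RIGHTS = ["Read", "Write", "Manage", "FullControl"]  # weakest first

# Constructed sample: the two requests from the slide's manifest plus one
# broad request added here for illustration.
SAMPLE = """<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SharePointAppSPCADemo" Version="1.0.0.0">
  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
  </AppPermissionRequests>
</App>"""


def parse_requests(manifest_xml):
    """Return (scope, right) pairs declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    path = "m:AppPermissionRequests/m:AppPermissionRequest"
    return [(r.get("Scope", ""), r.get("Right", "")) for r in root.findall(path, NS)]


def covered_levels(scope):
    """Content levels a grant at `scope` reaches: the scope and its children."""
    level = scope[len(BASE):] if scope.startswith(BASE) else None
    return LEVELS[LEVELS.index(level):] if level in LEVELS else []


def audit(manifest_xml):
    """Classify each request so a reviewer sees what the trust prompt implies."""
    report = []
    for scope, right in parse_requests(manifest_xml):
        reach = covered_levels(scope)
        if not reach:
            verdict = "other-scope"    # search, taxonomy, profiles: review separately
        elif right not in RIGHTS:
            verdict = "unknown-right"
        elif reach[0] == "tenant" or RIGHTS.index(right) >= RIGHTS.index("Manage"):
            verdict = "broad"          # assumed policy: tenant-wide, or Manage and above
        else:
            verdict = "ok"
        report.append((scope, right, reach, verdict))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Running the audit on every package before it is published to the App Catalog gives the installing user's trust decision a second, scripted check.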
23. azure access control service (ACS)
• ACS is used as authorization server
• Required with OAuth implementation in SharePoint 2013
• How is the ACS server configured?
• Automatically done for sites in Office 365 Preview
• For on-premises farms, a trust to ACS must be configured
• Possible to avoid when using server-to-server (S2S) trust
24. sharepoint 2013 remote api
• _api is a new alias for _vti_bin/client.svc
[Diagram labels: Server; Client; REST (OData, JSON); CSOM (JavaScript Library, Silverlight Library, .NET CLR Library); Custom Client Code]
26. from developer to end user
[Diagram labels: Developer; Dev center; Office Store submission; Office Store (integrated in Office and SharePoint); trial/purchase; End users; Vendor / Direct / IT projects; SharePoint App Catalog; IT admin]
28. Infrastructure configuration for SP Apps
1) Wildcard DNS entry for app domain
2) Apps service application and subscription service created in environment hosting SP apps
3) SharePoint application for routing the incoming requests to app DNS entry
4) App catalog created for SharePoint applications to enable end users to utilize apps
[Diagram labels: SharePoint farm; http://*.apps; 192.168.x.x]
29. dns configuration on-premises
• Define a wildcard DNS entry for apps
• *.apps.contoso.com or something similar
• Configure the app address on the SharePoint side using Central Admin or PowerShell
• One address per farm
30. app configuration for on-premises farm
• Ensure that the App service application and subscription service are created and running in the farm
• Subscription service is used to provide a unique Site Collection ID for App URLs
• Main SharePoint site: http://sp/sites/web
• app1 SharePoint site: http://tenant-apphash1.contosoapps.com/sites/web/appguid
• Example: http://apps-87e90ada14c175.contosoapps.com/sites/web/014c9c59-5d9c-4a59-a5ce-2116a4c90296
• Apps will be hosted on their own domain, within their own frame
• Leverages web browser same-origin policy for script isolation
• URL naming – each app has a unique URL – one app = one URL
• http://default-appUID.apps.contoso.com
• appUID – combination of site collection ID and particular SPWeb where app is installed
31. apps…
• …are not executed in SharePoint App pool
• …are in most of the cases not even running on SP Server
• …can have full trust, with user’s approval (OAuth)
• …can access SharePoint Data
• …can access outer world non-SharePoint Data
• …can use any external resources
• …can be executed in its own chrome, as app parts, or as SharePoint extensions
35. Provider Hosted – S2S
• High-trust applications used on-premises
• Can assert any user’s identity
• Requires configuration to establish trust between SharePoint farm and S2S app
• Needs to be done for every S2S app
36. Configure S2S
• App Isolation is configured
• Disable App Principal check
• Generate Public/Private certificate pair
• Generate Client Id
• Set up Security Token Issuer
• Register App Principal
• Update Web.config and ensure user profiles exist
• http://www.binarywave.com/blogs/eshupps/Lists/Posts/Post.aspx?ID=267