Date post: 05-Dec-2014
Category: Technology
Upload: dragan-panjkov
TECHNET DAY SARAJEVO 18.12.2012
All About Apps
DRAGAN PANJKOV, PLANB.
about me
• Dragan Panjkov
• Working with SharePoint since 2007
• www.dragan-panjkov.com
• www.twitter.com/panjkov
• BAM Converter – available on Marketplace and CodePlex
• PlanB. d.o.o.
• www.planb.ba
• SharePoint user group
• www.1sug.com
apps basics
types, basic concepts, development
distribution, upgrade, on-prem config
apps?
introducing apps
• In SharePoint 2013 everything is an app …
• In strict sense: “Apps are self-contained pieces of functionality that extend the capabilities of a SharePoint site.”
why apps
• Isolated (safe!)
• Multi-tenant
• Multiple development possibilities (even non-MS stack)
• Easier to deploy (no SharePointisms during deployment)
• Easier to maintain (lifecycle – versioning, upgrades)
• Manageable (Office Store, Corporate Catalog)
• Cloud ready!
get app to site collection
• All site content provides functionality to add apps
• Both Office Store and corporate catalog visible from single place
• Users can add Apps to be available
• Apps can request permissions, depending on implementation
USER PERSPECTIVE
app types, basic concepts, development
what is an app?
• Web application registered with SharePoint, configured using XML (app.manifest)
<?xml version="1.0" encoding="utf-8" ?>
<!--Created:cb85b80c-f585-40ff-8bfc-12ff4d0e34a9-->
<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SharePointAppSPCADemo"
     ProductID="{9b33c5b6-bc7c-4905-8b02-e2e24f404fea}"
     Version="1.0.0.0"
     SharePointMinVersion="15.0.0.0">
  <Properties>
    <Title>SharePointApp SPCA Demo</Title>
    <StartPage>~appWebUrl/Pages/Default.aspx?{StandardTokens}</StartPage>
  </Properties>
  <AppPrincipal>
    <Internal />
  </AppPrincipal>
  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
  </AppPermissionRequests>
</App>
sp app design - a choice of three approaches
SharePoint-hosted App
• Provision an isolated sub web on a parent web
• Reuse web elements (lists, files, out-of-box web parts)
• No server code allowed; use client JavaScript for logic, UX
[Diagram labels: App Web (from WSP), Parent Web]
Cloud-based Apps
• Get remote events from SharePoint
• Use CSOM/REST + OAuth to work with SP
Azure Auto-Provisioned App
• Windows Azure + SQL Azure provisioned invisibly as apps are installed
[Diagram labels: Azure (from WebDeploy, DacPac), SharePoint Web]
Developer-Hosted App
• “Bring your own server hosting infrastructure”
• Developers will need to isolate tenants
[Diagram labels: SharePoint Web, Your Hosted Site]
when to use cloud-hosted apps?
Cloud Hosted Apps | SharePoint Hosted Apps
Preferred hosting model for almost all types of apps | Good for smaller apps & resource storage
Full power of web – choose your infrastructure & technology | SharePoint-based; no server-side code
May require your own hosting | Automatically hosted in SharePoint
May require your own handling of multitenancy & permission management | Inherent multitenancy & isolation
technology comparison
| SharePoint Hosted | Cloud Hosted
App Scope | SharePoint Site | Site or Tenancy
Architecture | Web Site | Multi-Tenant App
Developer Skillset | SharePoint + HTML/JS | Full Stack
UI Technologies | SharePoint + HTML/JS | Any Web Stack
Server Code | None | Any
Storage | Lists and Doc Libs | Any
Key Limitations | No Server Code | Hosting Expertise Required
common app architecture
[Diagram labels: APP, CSOM, REST]
use cases for autohosted apps
• Team apps
• Resource tracking
• Team processes
• Event receivers
• Individual productivity
• Document assembly, etc.
user experience integration
Full page
Implement complete app experiences
to satisfy business scenarios
Parts
Create app parts that can interact
with the SharePoint experience
UI Command extensions
Add new commands to the ribbon and item
menus
developing apps
APP DEVELOPMENT INTRO
app identity
• Challenge with SPS2010
• Farm solutions – too many privileges – risk of RunWithElevatedPrivileges
• Sandbox solutions – no RunWithElevatedPrivileges – always under user context
• In SharePoint 2013 apps have their own identity and specific permissions
• Installing user either grants or denies permissions to host web
• Permission is explicitly given for a specific scope
• App identity is passed around using OAuth tokens
app permissions
• Default rights : Read, Write, Manage and Full Control
• Not possible to customize
• Apps are granted permissions to a scope and all children of the scope
• Defined in declarative XML
app scopes
• SPSite – site collection
• SPWeb – site
• SPList
• Tenancy
• Other scopes (and rights) for performing search queries, accessing taxonomy data, user profiles, etc...
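An added example, not part of the original slides: a small Python audit of the AppPermissionRequests in an app manifest, mapping each Scope URI to the scope names above and flagging broad grants before an app is approved. The sample manifest is constructed; the tenant and list scope URIs and the FullControl spelling follow SharePoint 2013's manifest schema and do not appear on the slides.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/sharepoint/2012/app/manifest"}
# Content scope URIs mapped to the scope names used on the slide.
SCOPES = {
    "http://sharepoint/content/tenant": "Tenancy",
    "http://sharepoint/content/sitecollection": "SPSite",
    "http://sharepoint/content/sitecollection/web": "SPWeb",
    "http://sharepoint/content/sitecollection/web/list": "SPList",
}
HIGH_RIGHTS = {"Manage", "FullControl"}
KNOWN_RIGHTS = {"Read", "Write"} | HIGH_RIGHTS

# Constructed sample: the first two requests are the ones in the manifest
# shown earlier; the third is added here to show a broad grant being flagged.
SAMPLE_MANIFEST = """
<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SharePointAppSPCADemo" Version="1.0.0.0">
  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
  </AppPermissionRequests>
</App>
"""

def audit_manifest(xml_text):
    """Return one finding per AppPermissionRequest in the manifest."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for req in root.findall("m:AppPermissionRequests/m:AppPermissionRequest", NS):
        scope, right = req.get("Scope", ""), req.get("Right", "")
        name = SCOPES.get(scope)
        flags = []
        if name is None:
            # Search, taxonomy, user profiles etc. have their own rights.
            flags.append("non-content scope, review its rights separately")
        else:
            if right not in KNOWN_RIGHTS:
                flags.append("unknown right for a content scope")
            if right in HIGH_RIGHTS:
                flags.append("high right, applies to all children of " + name)
            if name == "Tenancy":
                flags.append("tenant-wide scope")
        findings.append({"scope": name or scope, "right": right, "flags": flags})
    return findings

if __name__ == "__main__":
    for f in audit_manifest(SAMPLE_MANIFEST):
        print(f["scope"], f["right"], "; ".join(f["flags"]) or "ok")
```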
sharepoint apps: establishing trust
azure access control service (ACS)
• ACS is used as authorization server
• Required with the OAuth implementation in SharePoint 2013
• How is the ACS server configured?
• Automatically done for sites in Office 365 Preview
• For on-premises farms, a trust to ACS must be configured
• Possible to avoid when using Server-to-server (S2S) trust
sharepoint 2013 remote api
• _api is new alias for _vti_bin/client.svc
[Diagram labels: JavaScript Library, Silverlight Library, .Net CLR Library, Custom Client Code; Client, Server; REST, OData, JSON, CSOM]
deployment, upgrade, configuration
from developer to end user
[Diagram labels: Office and SharePoint Developer; Dev center submission; Office Store; Integrated Office Store; Direct; Vendor/IT projects; SharePoint App Catalog; TRIAL/PURCHASE; End users; IT admin]
apps upgrade process
Infrastructure configuration for SP Apps
1) Wild card DNS entry for app domain
2) Apps service application and subscription service created in environment hosting SP apps
3) SharePoint application for routing the incoming requests to app DNS entry
4) App catalog created for SharePoint applications to enable end users to utilize apps
[Diagram labels: SharePoint farm, http://*.apps, 192.168.x.x]
dns configuration on-premises
• Define wildcard DNS entry for apps
• *.apps.contoso.com or something similar
• Configure app address on the SharePoint side using Central Admin or PowerShell
• One address per farm
app configuration for on-premises farm
• Ensure that App service application and subscription service are created and running in farm
• Subscription service is used to provide unique Site Collection ID for App Urls
• Apps will be hosted on own domain, within their own frame
• Leverages web browser same-origin policy for script isolation
• URL naming – each app has unique URL – one app = one URL
• http://default-appUID.apps.contoso.com
• appUID – combination of site collection ID and particular SPWeb where app is installed
main SharePoint site: http://sp/sites/web
app1 SharePoint site: http://tenant-apphash1.contosoapps.com/sites/web/appguid
http://apps-87e90ada14c175.contosoapps.com/sites/web/014c9c59-5d9c-4a59-a5ce-2116a4c90296
apps…
• …are not executed in SharePoint App pool
• …are in most cases not even running on SP Server
• …can have full trust, with user’s approval (OAuth)
• …can access SharePoint Data
• …can access outer world non-SharePoint Data
• …can use any external resources
• …can be executed in its own chrome, as app parts, or as SharePoint extensions
resources
• dev.office.com
• blogs.msdn.com/b/officeapps
• blog.tedpattison.net
• http://www.andrewconnell.com/blog/archive/2012/10/02/fully-scripted-solution-for-creating-and-registering-self-signed-certs.aspx
• http://www.binarywave.com/blogs/eshupps/Lists/Posts/Post.aspx?ID=267
questions?
WWW.DRAGAN-PANJKOV.COM
@PANJKOV
thank you.
Provider Hosted – S2S
• High trust applications used on-premise
• Can assert any user’s identity
• Requires configuration to establish trust between SharePoint farm and S2S app
• Needs to be done for every S2S app
Configure S2S
• App Isolation is configured
• Disable App Principal check
• Generate Public/Private certificate pair
• Generate Client Id
• Set up Security Token Issuer
• Register App Principal
• Update Web.config and ensure user profiles exist
• http://www.binarywave.com/blogs/eshupps/Lists/Posts/Post.aspx?ID=267