developing apps for sharepoint 2013
DESCRIPTION
One of the biggest news of SharePoint 2013 is the app model, which allows creating apps for selling them through a public marketplace, the Microsoft Office Store, as well as for publishing them in a corporate App Catalog. In this session you will learn what an app is, what are the available hosting models, how you can leverage the Client Side Object Model and the REST API to enrich your solutions. Moreover, you will learn how to publish your apps to the Office Store, or on the corporate App Catalog. The overall goal of the session is to make you aware of the real potentials of this new capability. To attend this session you should have a good understanding of developing with .NET and general knowledge of SharePoint 2013.TRANSCRIPT
SHAREPOINT AND PROJECT CONFERENCE ADRIATICS 2013
ZAGREB, NOVEMBER 27-28 2013
Developing Apps for SharePoint 2013
PAOLO PIALORSI, [email protected]
sponsors
Something about me• Consultant, project manager and trainer• More than 40 Microsoft certification exams passed
• Microsoft Certified Solution Master – Charter SharePoint
• Focused on SharePoint since the beginning• Author of 10 books about XML, SOAP, .NET, LINQ
and SharePoint• Microsoft SharePoint 2010 Developer Reference, Microsoft Press• Microsoft SharePoint 2013 Developer Reference, Microsoft Press• Build Windows 8 Apps with Microsoft Visual C# and
Visual Basic Step by Step, Microsoft Press
• Speaker at main IT conferences
Agenda• Apps Model Overview• Architecture• Hosting Model• UI Options• App Manifest• Publishing apps
• App Security Model• What’s new in Visual Studio 2013 RTM
APPS MODEL OVERVIEW
Once upon a time …
Farm solutions
Full trust solutions File system access GAC deploy 14 hive access .NET managed code Inherited from
SP2007
Sandbox solutions
Partially trusted code Limited API .NET managed code No access to file
system No calls to services
Apps
New model app-oriented
Deployed from corporate catalog or Office Store
Based on web standards
No code with server object mode! solutions model apps model
SP2010
SP2013
A LAP AROUND THE APP MODEL
Three types of Apps
App Web
Parent Web
(host web)
SharePoint-Hosted AppProvision an isolated sub web on a parent web• Reuse web elements
(lists, files, out-of-box web parts)
• No server code allowed; use client JavaScript for logic, HTML/CSS for UX
Autohosted AppWindows Azure + Windows Azure SQL Database provisioned invisibly as apps are installed
AzureSharePoint Web
Get remote events from SharePoint Use CSOM/REST + OAuth to work with SP
Cloud-based Apps
Provider-Hosted App“Bring your own server hosting infrastructure”Developers will need to isolate tenants
SharePoint
Web
Your Hosted
Site
App Web
(optional)The infrastructure for autohosted apps will remain in preview status
for a period of time after SharePoint 2013 releases.
Autohosted apps (which includes all apps that depend on Access)
will not be accepted by the Office Store during this preview phase.
Windows Azure SQL Database
Apps programming model• Client-side pattern (ALL)• HTML5, CSS, JavaScript• Leverage Javascript libraries
like JQuery, KnockoutJs, Angular, etc.
• Server-side pattern (CLOUD-ONLY)• Use your own infrastructure• Use your preferred language
(ASP.NET, PHP, JSP, ecc..)• Use client-side object model
or REST to get info from SharePoint
• Hybrid pattern (CLOUD-ONLY)• Mix-and-match client-side pattern with server-side pattern
Apps UI options• Immersive full page - are like application pages, with
HTML, CSS, JavaScript • Including SharePoint OOB controls in SharePoint-hosted apps
• Part - are simple IFRAMEs • UI Custom Actions - are SharePoint custom actions like
Ribbons or ECB item actions
A FIRST SAMPLE APP
App Manifest• General• Title, version, startup page, ecc.
• Permissions• Permission required to run the app• The end user installing the app will have to trust it
• Prerequisites• Software prerequisites to correctly run the app
• Supported Locales• EN-US is required to publish apps on the Office Store
• Remote Endpoints• For declaring endpoints of remote services supporting the app
Options for publishing apps• Office Store – You can build your app, submit to
Microsoft for approval and make the app publically available, with your license policies, in order to be aquired by users with any SharePoint environments• Corporate App Catalog – You can put your app into a
company internal catalog, hosted on your SharePoint environment, in order to make it available to your final users
What can we do in apps?• Pages• App Parts• UI Extensions• Content (lists, libraries, items)• Workflows• Remote Event Receivers• Business Connectivity Services (OData)• Etc.
A SAMPLE WORKFLOW-BASED APP
APPS SECURITY MODEL => OAUTH
OAuth• OAuth is an open protocol for authenticating apps and
allowing secure API authorization from desktop and web applications through a web based standard and simple technique. • For example: authorize the printing app to read pictures
from my Facebook profile, or from my SkyDrive
OAuth FlowSTS (ACS)
SharePoint Server
Client
Intranet.contoso.com
7- Access token
10. IFrame contents
5. Request IFrame contents
4. Page - IFrame 9. SharePoint data
8. Request – Access token1.
Request
2. Request context token
3. Signed context token 6.
Refreshtoken
Is the endpoint outside
of an app web?
Does the token
include user info?
Is endpoint CSOM?
OAuth token
present?
Use anonymous
context
Set app and user context
Set user context
End
Start
User credentia
ls provided
?
Set App-Only context
Yes
Yes
Yes
Yes
Yes
No
No No No
No
SharePoint 2013 Apps’ Authentication
App Permissions• App are granted permissions• App permissions are different from user permissions• App permissions are granted as all or nothing• App permissions have no permissions hierarchy
• this is different than user permissions which have a hierarchy inside a site collection
• An app has default permissions• App has full control over app web but no other default
permissions• App can include permission request in application manifest• Installing user grants/denies permissions during installation• If permission request denied, SharePoint does not install app
S2S High Trust Scenario• High Trust != Full Trust• Alternative to OAuth• Leveraged by apps and infrastructural services
• Workflow Manager, Exchange, etc.
• Direct trust relationship between SP2013 and the external service• Based on X.509 certificates• One certificate for each app (avoid sharing certs across apps)
• Available for Provider-hosted apps• Supported by wizard of VS2012/VS2013• A little bit «complicated» to configure, using PowerShell
WHAT’S NEW WITH VISUAL STUDIO 2013
Apps for SharePoint in VS2013 RTM• New MVC5 template for App for SharePoint• SharePointContext helper classes• Independent from ACS or S2S• Access token caching• Object model wrapper
• App for SharePoint Web Toolkit via NuGet• Available for VS2012, as well
• Workflow remote debugging via Azure Service Bus
Cloud Business Apps• New project (solution) template• Highly productive development experience• Based on LightSwitch HTML client• Can consume external data sources (SharePoint, SQL Server,
OData, ecc.)
• Multi-browser/multi-device• Integrated with social features of SharePoint• Support social feeds• Does not yet support Yammer …
• Easy deployment/publishing of business apps
questions?
HTTP://WWW.SHAREPOINT-REFERENCE.COM/BLOG/
@PAOLOPIA
thank you.
SHAREPOINT AND PROJECT CONFERENCE ADRIATICS 2013
ZAGREB, NOVEMBER 27-28 2013