Intro Apps

Andy Van Steenbergen

News

RoadMap Intro about APPS Intro SharePoint hosted Apps Intro SharePoint provider hosted Apps Intro SharePoint autohosted apps

new speakers - Contact joris.poelmans@biwug.be

2 new board members

4 new sessions planned

About me

Andy Van SteenbergenSenior SharePoint consultant @ OrdinaSP Competence Center LeadLesgever @ CVO Antwerpen

@Meligo#SharingIsCaring

Blog.meligo.be

BIWUGBoard Member

MicrosoftExtendedExpertTeamMember

Voting SystemApps, what is the difference... a story > Speaker: Andy Van Steenbergen

The Consumerization of the Intranet… > Speaker: Peter van Hees

Trends impacting the way we workDevices

1 billionsmartphones, 4 years ahead of predictions

Cloud

50%of enterprise customers are “on the road” to cloud

People

For the first time in modern history, workplace demographics now span3 generations

Requirements

Devices

MobileA solution designed with a mobile first mindset.

Cloud

HybridA solution with a physical on premise component combined with a cloud service.

People

An intuitive service that doesn’t require extensive training or adoption.Easy

Voting steps

Turn the screen of you mobile phone on.

2

Face the screen towards the presenter.

3

Take your mobile phone out of your pockets.

1* The unstructured results will be posted tonight on

Twitter.

BaseLine: Are you ready?

Turn the screen of you mobile phone on.

2

Face the screen towards the Presenter.

3

Take your mobile phone out of your pockets.

1

Agenda

Intro App Shapes

Wrap-upApp models

Agenda

Intro App Shapes

Wrap-upApp models

Let’s start

Past, present, future

Developers had too much privileges (full trust)

Remember what happens when you start leaking SPWebs?

The cat’s been in the sandbox!

The sandbox was a struggle to work with and maintain

So why the need for Apps in SharePoint?

Sites

Vie

ws

Columns

Libra

riesPages

List

sWeb Parts

WorkflowsM

ast

er

Pag

es

SolutionsFe

atu

res

Conte

nt Ty

pes

Docu

ments

So why the need for Apps in SharePoint?

Sites

Vie

ws

Columns

Apps

Libra

riesPages

List

sWeb Parts

WorkflowsM

ast

er

Pag

es

SolutionsFe

atu

res

Conte

nt Ty

pes

Docu

ments

Evolution of SharePoint customizations

Full trust solutions

Prone to stabilization issuesChallenging to upgradeUnfeasible on hosted platform

Sandboxed solutions

Too strict for developersHard to maintain and scaleConfusing for site owners

(Cloud) App model

Cloud/client code onlyHost/language independentFull life cycle and reuse ‘story’

Full trust vs High Trust

Full trust = GACHigh trust = Provider hosted app (S2S)

Agenda

Intro App Shapes

Wrap-upApp models

Agenda

Intro App Shapes

Wrap-upApp models

Question: App Shapes (screen or no-screen)

Turn the screen of you mobile phone on.

2

Face the screen towards the Presenter.

3

Take your mobile phone out of your pockets.

1

Immersive page is one shape. Are the other 2: webpart and custom action?

App Shapes for SharePoint

App UI components

App UI components

Immersive full page

App UI components

App UI components

Immersive full page App part

App UI components

App UI components

Immersive full page App part UI custom actions

ServerClient

Bro

wse

r Hos

t

Common App Architecture

Web Server H

ostClient-side Logic

HTML / CSS / Javascript

Office JS SharePoint JS (CSOM)

SharePoint&

Exchange

Oth

er D

evic

es&

Clie

nts

Server-side LogicAny language

Office

Web

App

s

Win

RT

Mac

Mob

ile

Win

32

APP

3rd P

arty

Ser

vice

s

Provider-hosted

Oth

erE.

g. L

AM

P

IIS /

ASP

.Net

Win

dow

sAzu

re

CSOM REST

On-premises

IE

Chr

ome

Fire

Fox

Safa

ri

Tier 1 Tier 2

OtherECMAScript 5

Development ToolsVisual Studio 2012, Napa or any standard Web development tool

Online

SharePoint

SQL

Workflow

Autohosted

SQL

Web Sites

Clie

nt A

PIs Server

APIs

The isolated domain

http://app-bdf2016ea7dacb.contosoapps.com/sites/Biwug/Poll

Host web

http://intranet.contoso.com/sites/Biwug

App webPoll App

/Poll

App prefix (tenant)

App ID

App domain

Host web

App name

http://app-bdf2016ea7dacb.contosoapps.com/sites/Biwug/Poll

Taking the plunge

Infrastructure configuration

Determine App domain• http://app-bdf2016ea7dacb.contosoapps.com/sites/SPC/

Scheduler

Configure domain names in DNS• http://app-bdf2016ea7dacb.contosoapps.com/sites/SPC/

Scheduler• *.contosoapps.com (wildcard is preferred)

Create a new wildcard SSL certificate (access token is transmitted in plaintext)

SharePoint farm configuration

• Subscription Settings• App Management

Service applications

• App URLs (App prefix and App domain)

• App Catalog• Store Settings• App Denied endpoints

SharePoint App settings

Additional Considerations (on prem)

Apps do not support Kerberos (ntml instead)

Special requirements for SAML authentication

Apps do not support multiple zones

A routing Web application may be needed

Routing Web application

No host header

https://app-bdf2016ea7dacb.contosoapps.com/sites/Biwug/Poll

*.contosoapps.com= 192.168.1.2

https://intranet.contoso.com

https://my.contoso.com

App Management Service Application

NLB192.168.1.2

DNS Farm

The New Cloud App Model

Build a new class of apps that extend and personalize the way we create and consume information right from within Office and SharePoint

The new cloud app model

New AppsA new class of apps enabling newscenarios and new user experiences

Flexible LifecycleDeploy and maintain your apps publicallyon the new Office Store, or internally withFlexibility and control

Familiar ToolsetsEmbracing Web standards to provide developers choice and flexibility

App Hosting

App Web (from WSP)

HostwebSharePoint-Hosted

AppReuse web elements (lists, out-

of-box web parts)Client side technologies and

declarative workflows

Provider-hosted App

“Bring your own server hosting infrastructure”

SharePoint

Web

Get remote events from SharePoint Use CSOM/REST + OAuth

Cloud-hosted apps

Your Hosted

Site

Autohosted AppWindows Azure + SQL

Azure provisioned automatically as apps

are installed

Azure SharePoint Web

Agenda

Intro App Shapes

Wrap-upApp models

Agenda

Intro App Shapes

Wrap-upApp models

Apps for SharePointApps for SharePoint are self-contained pieces of functionality that extend the capabilities of a SharePoint website. Apps integrate the best of the web and SharePoint; they are targeted and easy-to-use, and do a great job at solving a user need.

SharePoint Office Store

SharePoint App Catalog

Web Browser

Anatomy of a SharePoint Hosted app

Manifest

Code

JS CSS

HTML ASPX

Reasons to use SharePoint hosted apps

INHERENT MULTI-TENANCY

& ISOLATION

NO ADDITIONALCOST

NO NEED FOR ADDITIONAL

INFRASTRUCTURE

AUTHENTICATION IS AUTOMATIC

SYMMETRIC IN OFFICE 365AND ON-PREM

SharePoint component isolation1 app installation = 1 “app web”

App webs are isolated in their own domain:

Leverages web browser same-origin policy for script isolation

Host web

App web

https://contoso.sharepoint.com/site/

https://contoso-appUID.sharepoint.com/site/app/

Available app web components

Data

• Lists• Libraries

• WebProxy• App scoped BDC models• App scoped ECTs

UX

• Declarative Pages• CSS files• Custom Actions• OOB Web Parts

Logic

• JavaScript• Workflows• Custom Actions

Cloud Hosted Apps for SharePoint (Provider)

App Hosting

App Web (from WSP)

HostwebSharePoint-Hosted

AppReuse web elements (lists, out-

of-box web parts)Client side technologies and

declarative workflows

Provider-hosted App

“Bring your own server hosting infrastructure”

SharePoint

Web

Get remote events from SharePoint Use CSOM/REST + OAuth

Cloud-hosted apps

Your Hosted

Site

Autohosted AppWindows Azure + SQL

Azure provisioned automatically as apps

are installed

Azure SharePoint Web

SharePoint Office Store

SharePoint App Catalog

Web Browser

Anatomy of a Provider Hosted app

Web Server: Azure, IIS, LAMP, etc…Manifest

App Hosting

App Web (from WSP)

HostwebSharePoint-Hosted

AppReuse web elements (lists, out-

of-box web parts)Client side technologies and

declarative workflows

Provider-hosted App

“Bring your own server hosting infrastructure”

SharePoint

Web

Get remote events from SharePoint Use CSOM/REST + OAuth

Cloud-hosted apps

Your Hosted

Site

Autohosted AppWindows Azure + SQL

Azure provisioned automatically as apps

are installed

Azure SharePoint Web

Azure Web Site managed by SharePoint

SharePoint Office Store

SharePoint App Catalog

Web Browser

Anatomy of an Autohosted app

App Web Pages

SharePoint Pages

Manifest

Artifacts

App Lifecycle (autohosted)

App Developer Tenant Admin

Site Owner

Site Owner

Site Owner

Site OwnerApp

Catalog

SharePoint Store

(Office Marketplace)

Tenant A

Tenant B

.app .app

.app

Web Site SQL DB

Workflow

Web Site SQL DB

Workflow

Web Site SQL DB

Workflow

Web Site SQL DB

Workflow

App Lifecycle (Provider)

Publishing

From Developer to End User

Dev center

submission

Office Store

Integrated

Office Store

DirectVendor/

IT projects

SharePointApp

Catalog

TRIAL/ PURCHASE

TRIAL/PURCHASE

Office and SharePoint

Developer

End users

IT admin

SharePoint Office Store

SharePoint App Catalog

Web Browser

Recap: Anatomy of an app for SharePoint

App Content

Manifest

Code

SharePoint Hosted

SharePoint Hosted Package

SharePoint Office Store

SharePoint App Catalog

Web Browser

Recap: Anatomy of an app for SharePoint

Web Server: Azure, IIS, LAMP, etc…

App Web Pages

SharePoint Pages

Manifest

Artifacts

Provider Hosted

Provider-Hosted Package

Azure Web Site managed by SharePoint

SharePoint Office Store

SharePoint App Catalog

Web Browser

Recap: Anatomy of an app for SharePoint

App Web Pages

SharePoint Pages

Auto-Hosted

Manifest

Artifacts

Auto Hosted Package

Security

Can I trust this App?

Granting SharePoint App Permissions

Permissions are granted when an App for SharePoint is installed on a SharePoint server.

App permission

name

SharePoint permission name

Read Reader

Write Contributor

Manage Designer

FullControl Full Control All or nothin

g

App permissions

App permission request scopes

• Tenancy• SPSite• SPWeb• SPList• BCS• Search• Workflow• Taxonomy

App permission rights

• Read• Write• Manage• Full control

App authorization

policies• User and app

policy• App-only policy• User-only policy

App Authorization Policy flow

Full security list• SharePoint (full control)

• Site collection• Website• List• tenancy

• Other SP Features• BCS (read)• Search (QueryAsUserIgnoreAppPrinciple)• Taxonomy (R/W)

• Project (full control)• Project server (manage)• Projects (R/W)• Project (R/W)• EnterpriseResources (R/W)• Statusing (submitstatus)• Reporting (R)• Workflow (elevate)

• Other SP Features – Social (full control)• Tenant• Core• MicroFeed

Question<AppPermissionRequestScope="http://sharepoint/content/sitecollection/web/list"Right="Manage"/>

Question: App Shapes (screen or no-screen)

Turn the screen of you mobile phone on.

2

Face the screen towards the Presenter.

3

Take your mobile phone out of your pockets.

1

By default the app permission is set to all lists within the web, can you define more specific a list? Yes / No

Answer<AppPermissionRequestScope="http://sharepoint/content/sitecollection/web/list"Right="Manage" ><!-- add filter property to permission request --><Property Name="BaseTemplateId" Value="101" /></AppPermissionRequest>

Configure Apps authentication trust

Autohosted Apps

ACS

Provider-hosted Apps

ACS

S2S Trust

OAuth enables users to approve an application to act on their behalf without sharing their user name and password.

Understanding where Oauth fits• Oauth is primarily used for external app

authentication in the Office 365 environment.• Server2Server authentication is used for external

app authentication in on-premises farms.

OAuth for cloud-hosted Apps

Client

STS (ACS)

SharePoint Farm RemoteApp Site

1 - Request

2 – Request context token

3 – Signed context token

4 – Page + IFRAME

5 – Request page + include context token

10 – IFRAME contents

9 – SharePoint data

8 – Request + access token

7 – Access token

6 – Access token request

OAuth Flow

SharePoint Server

Hosting Server

Web Browser

ACS Server

SharePoint Server

Hosting ServerWeb Browser

ACS Server

1) User browses to a SharePoint page with an app from a Cloud hosted app on it

https://mySPSite.sharepo

SharePoint Server

Hosting ServerWeb Browser

1

ACS Server

ACS Server

2) SharePoint asks ACS to create and sign a token which contains context information and an auth code

https://mySPSite.sharepo

SharePoint Server

Hosting ServerWeb Browser

1

2

ACS Server

3) ACS returns the signed context token

https://mySPSite.sharepo

SharePoint Server

Hosting ServerWeb Browser

1

32

4) SharePoint renders the page including an IFRAME, which will POST the context token to the Cloud hosted app

Developer Site

POST https://hosting server/…SPAppToken=tbAgAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e…

https://mySPSite.sharepo

ACS Server

SharePoint Server

Hosting ServerWeb Browser

1

2

4

3

5) The IFRAME causes the browser to request a page from the Cloud hosted app including the context token

ACS Server

SharePoint Server

Hosting ServerWeb Browser

1

2

4

3

5

Developer Sitehttps://mySPSite.sharepo

6) Cloud hosted app validates the signature on the context token, extracts the auth code, and uses its credentials to request an access token from ACS

ACS Server

SharePoint Server

Hosting ServerWeb Browser

1

2

4

3

6

5

Developer Sitehttps://mySPSite.sharepo

7) ACS returns an access token

ACS Server

SharePoint Server

Hosting ServerWeb Browser

1

2

4

3

6

7

5

Developer Sitehttps://mySPSite.sharepo

7) ACS returns an access token

8) Cloud-hosted app makes a web service request to SharePoint, passing the access token

ACS Server

SharePoint Server

Hosting ServerWeb Browser

1

2

4

3

6

7

5

8

Developer Sitehttps://mySPSite.sharepo

9) SharePoint returns information to the Cloud hosted app

ACS Server

SharePoint Server

Hosting ServerWeb Browser

1

2

4

3

6

7

5

8

9

Developer Sitehttps://mySPSite.sharepo

10) The Cloud hosted app renders the IFRAME contents

ACS Server

SharePoint Server

Hosting ServerWeb Browser

1

2

4

3

6

7

5

8

9

Sales Metrics Dashboard

Print Report

Email Report

Refresh

10

Developer Sitehttps://mySPSite.sharepo

App lifecycle management

App lifecycle managementInstalling an App

Manage licensing

Backup and restore

Upgrading an App

Uninstalling an App

App lifecycle managementInstalling an App

Manage licensing

Backup and restore

Upgrading an App

Uninstalling an App

Timer Jobs:• App Installation Service (1 min)

Cmdlets:• Import-SPAppPackage• Install-SPApp

App lifecycle managementInstalling an App

Manage licensing

Backup and restore

Upgrading an App

Uninstalling an App

*Licensing not required for app dev*Timer Jobs:• License Renewal

Powershell:• $appProxy = Get-

SPServiceApplicationProxy “AppManagementProxyId”

$appProxy.GetDeploymentID()

Cmdlets:• Set-

SPAppManagementDeploymentID

App lifecycle managementInstalling an App

Manage licensing

Backup and restore

Upgrading an App

Uninstalling an App

Cmdlets:• Backup-SPSite• Restore-SPSite

• Export-SPAppPackage• Import-SPAppPackage• Install-SPApp

App lifecycle managementInstalling an App

Manage licensing

Backup and restore

Upgrading an App

Uninstalling an App

Timer Jobs:• App State Update• Internal App State Update

Cmdlets:• Get-SPAppStateUpdateInterval• Get-SPAppStateSyncLastRunTime• Set-SPAppStateUpdateInterval• Get-

SPInternalAppStateUpdateInterval• Get-

SPInternalAppStateSyncLastRunTime

• Set-SPInternalAppStateUpdateInterval

• Update-SPAppInstance

App lifecycle managementInstalling an App

Manage licensing

Backup and restore

Upgrading an App

Uninstalling an App

Cmdlets:• Uninstall-SPAppInstance

Monitoring and logging

Monitoring and logging

• App usage/Error details• Timer Jobs

Monitoring in Central Admin

• App usage/Error detailsMonitoring in Site

Collections

• App Management, App Monitoring, Azure Access Control, App Marketplace, Marketplace Web Service

Logging Categories

Development toolsHow many are there?

Napa and Visual Studio• Napa is complementary to Visual Studio

• Get started in Napa, continue in Visual Studio

• Made it very easy to move to Visual Studio when you want to. For example:• Debugger• Support for composing apps for Office & SharePoint• Support additional deployment topologies (i.e. server code)• ALM tools (SCC, Work Items, Profiler, etc.)• Additional SharePoint items (BCS, Workflow, etc.)

Napa is an app for SharePointWindows Azure

SharePoint Developer Site

JS CSS

HTML ASPX

Office Store

Install the Napa app

Side load SharePointApp1

SharePointApp1

App for SharePoint

DocumentApp for Office

JSOM & REST (example)JavaScript object modelvar ctx = new SP.ClientContext("http://contoso-appUID.spo.com/site/app");ctx.load(ctx.get_web().get_title());ctx.executeQueryAsync();

REST/ODatahttp://contoso-appUID.spo.com/site/app/_api/web/Title

_api/web/lists_api/web/lists/getByTitle('Documents')

_api/social.feed/my/news_api/SP.UserProfiles.PeopleManager/getMyProperties()_api/search/query?Querytext='Marketing'

Agenda

Intro App Shapes

Wrap-upApp models

Agenda

Intro App Shapes

Wrap-upApp models

In SharePoint 2013… Improvement++

?

Take Away• Javascript / Jquery , CSOM & REST are getting

important• Clientside (high trust) vs Serverside (full trust)• Recommended read: SP 2013 App development• Scott hillier & ted pattison

References• SPC Slide decks: • Understanding and Maintaining SharePoint Apps for IT Pros

• Chris Whitehead & Sam Hassani

• SharePoint hosted apps• Yina Arenas

• Building Autohosted Apps for SharePoint 2013• Richard diZerega Nathan Miller