Biwug slideDesk first session 26/11/2013 This session is about an intro into the Apps model. There is much more to think about than just select what kind of type of app that you want to create.

1. Intro Apps

2. News
joris.poelmans@biwug.be

6. About me

7. Voting System
Apps, what is the difference... a story
> Speaker: Andy Van Steenbergen
The Consumerization of the Intranet…
> Speaker: Peter van Hees

8. Trends impacting the way we work
i
1 billion
For the first time in
modern history, workplace
demographics now span
50%
smartphones, 4 years
ahead of predictions
3
of enterprise customers
are “on the road” to cloud
generations

9. Requirements
i
Mobile
An intuitive service that
doesn’t require extensive
training or adoption.
A solution designed with
a mobile first mindset.
Easy
Hybri
d
A solution with a physical
on premise component
combined with a cloud
service.

10. Voting steps
Take your mobile
phone out of your
pockets.
1
Turn the screen
of you mobile
phone on.
2
Face the screen
towards the
presenter.
3
* The unstructured results will be posted tonight on Twitter.

11. BaseLine: Are you ready?
Take your mobile
phone out of your
pockets.
1
Turn the screen
of you mobile
phone on.
2
Face the screen
towards the
Presenter.
3

12. Agenda

13. Agenda

24. Agenda

25. Agenda

26. Question: App Shapes (screen or noscreen)
Take your mobile
phone out of your
pockets.
1
Turn the screen
of you mobile
phone on.
2
Face the screen
towards the
Presenter.
3

28. App UI components

29. App UI components

30. App UI components

31. App UI components

32. App UI components

33. App UI components

34. Client APIs
Server APIs
SharePoint
& Exchange
Office
Client
Server
3rd Party Services
Browser Host
APP
Web Server Host
Other Devices
& Clients
Common App Architecture

35. The isolated domain
http://intranet.contoso.com/sites/Biwug /Poll
http://app-bdf2016ea7dacb.contosoapps.com/sites/Biwug/Poll
App prefix (tenant)
App domain
App ID
App name
Host web

37. Infrastructure configuration
Determine App domain
• http://app-bdf2016ea7dacb.contosoapps.com/sites/SPC/Scheduler
Configure domain names in DNS
• http://app-bdf2016ea7dacb.contosoapps.com/sites/SPC/Scheduler
• *.contosoapps.com (wildcard is preferred)
Create a new wildcard SSL certificate
(access token is transmitted in plaintext)

38. SharePoint farm configuration
Service applications
SharePoint App
settings
• Subscription Settings
• App Management
•
•
•
•
App URLs (App prefix and App domain)
App Catalog
Store Settings
App Denied endpoints

39. Additional Considerations (on prem)
Apps do not support Kerberos (ntml instead)
Special requirements for SAML authentication
Apps do not support multiple zones
A routing Web application may be needed

40. Routing Web application
https://app-bdf2016ea7dacb.contosoapps.com/sites/Biwug/Poll
NLB
192.168.1.2
*.contosoapps.com
= 192.168.1.2
DNS
Farm

42. The new cloud app model
Build a new class of apps that extend and personalize the way we create
and consume information right from within Office and SharePoint
New Apps
A new class of apps enabling new
scenarios and new user experiences
Familiar Toolsets
Embracing Web standards to provide
developers choice and flexibility
Flexible Lifecycle
Deploy and maintain your apps publically
on the new Office Store, or internally with
Flexibility and control

43. App Hosting
SharePoint
Web
Your Hosted
Site
SharePoint
Web
Azure
Host
web
App Web
(from WSP)
Client side technologies and
declarative workflows

44. Agenda

45. Agenda

47. Anatomy of a SharePoint Hosted app
Manifest
Code
JS CSS HTML ASPX

48. Reasons to use SharePoint hosted
apps
SYMMETRIC
IN OFFICE 365
AND ON-PREM
AUTHENTICATION
IS AUTOMATIC
INHERENT
MULTI-TENANCY
& ISOLATION
NO ADDITIONAL
COST
NO NEED FOR
ADDITIONAL
INFRASTRUCTURE

49. SharePoint component isolation
1 app installation = 1 “app web”
App webs are isolated in their own domain:
Host
https://contoso.sharepoint.com/site
web /
App
web
https://contosoappUID.sharepoint.com/site/app/
Leverages web browser same-origin policy for script isolation

50. Available app web components
• Lists
• Libraries
• WebProxy
• App scoped BDC
models
• App scoped ECTs
• JavaScript
• Workflows
• Custom Actions
• Declarative Pages
• CSS files
• Custom Actions
• OOB Web Parts

52. App Hosting
SharePoint
Web
Your Hosted
Site
SharePoint
Web
Azure
Host
web
App Web
(from WSP)
Client side technologies and
declarative workflows

53. Anatomy of a Provider Hosted app
Manifest

54. App Hosting
SharePoint
Web
Your Hosted
Site
SharePoint
Web
Azure
Host
web
App Web
(from WSP)
Client side technologies and
declarative workflows

55. Anatomy of an Autohosted app
Manifest
Artifacts
SharePoint Pages
App Web Pages

56. App Lifecycle (autohosted)
Tenant A
Tenant B

57. App Lifecycle (Provider)

59. From Developer to End User
Office and SharePoint
Dev center
submission
Office Store
TRIAL/
PURCHASE
Integrated
Office
Store
TRIAL/
PURCHASE
Developer
Direct
SharePoint
App Catalog
Vendor/
IT projects
IT admin
End users

60. Recap: Anatomy of an app for SharePoint
Manifest
Code
App Content
SharePoint
Hosted

61. SharePoint Hosted Package

62. Recap: Anatomy of an app for SharePoint
Manifest
Artifacts
SharePoint Pages
App Web Pages

63. Provider-Hosted Package

64. Recap: Anatomy of an app for SharePoint
Manifest
Artifacts
SharePoint Pages
Auto-Hosted
App Web Pages

65. Auto Hosted Package

68. Granting SharePoint App Permissions
Permissions are granted when an App for SharePoint is
installed on a SharePoint server.
App
permission
name
SharePoint
permission name
Read
Reader
Write
Contributor
Manage
Designer
FullControl
Full Control
All or
nothing

69. App permissions
App permission
request scopes
•
•
•
•
•
•
•
•
Tenancy
SPSite
SPWeb
SPList
BCS
Search
Workflow
Taxonomy
App permission
rights
•
•
•
•
Read
Write
Manage
Full control
App
authorization
policies
• User and app policy
• App-only policy
• User-only policy

70. App Authorization Policy flow

71. Full security list
• SharePoint (full control)
•
•
•
•
Site collection
Website
List
tenancy
• Other SP Features
• BCS (read)
• Search (QueryAsUserIgnoreAppPrinciple)
• Taxonomy (R/W)
• Other SP Features – Social (full control)
• Tenant
• Core
• MicroFeed
• Project (full control)
•
•
•
•
•
•
•
Project server (manage)
Projects (R/W)
Project (R/W)
EnterpriseResources (R/W)
Statusing (submitstatus)
Reporting (R)
Workflow (elevate)

72. Question
<AppPermissionRequest
Scope="http://sharepoint/content/sitecollection/web/list"
Right="Manage"
/>

73. Question: App Shapes (screen or noscreen)
Take your mobile
phone out of your
pockets.
1
Turn the screen
of you mobile
phone on.
2
Face the screen
towards the
Presenter.
3

74. Answer
<AppPermissionRequest
Scope="http://sharepoint/content/sitecollection/web/list"
Right="Manage" >
<!-- add filter property to permission request -->
<Property Name="BaseTemplateId" Value="101" />
</AppPermissionRequest>

75. Configure Apps authentication trust
Autohosted Apps
ACS
Provider-hosted Apps
ACS
S2S Trust

76. OAuth enables users to approve an
application to act on their behalf
without sharing their user name and
password.

77. Understanding where Oauth fits
• Oauth is primarily used for external app authentication in
the Office 365 environment.
• Server2Server authentication is used for external app
authentication in on-premises farms.

78. OAuth for cloud-hosted Apps
7 – Access token
2 – Request
context token
3 – Signed
context token
6 – Access
token
request
8 – Request +
access token
1 - Request
4 – Page +
IFRAME
9 – SharePoint data
5 – Request page + include context token
10 – IFRAME contents

79. OAuth Flow
ACS
Server
SharePoint
Server
Hosting
Server
Web Browser

80. ACS
Server
Hosting
Server
Web Browser
SharePoint
Server

81. ACS
Server
https://mySPSite.sharepo
1
Hosting
Server
Web Browser
SharePoint
Server
1) User browses to a
SharePoint page with an app
from a Cloud hosted app on it

82. ACS
Server
https://mySPSite.sharepo
2
1
Hosting
Server
Web Browser
SharePoint
Server
2) SharePoint asks ACS to
create and sign a token which
contains context information
and an auth code

83. ACS
Server
https://mySPSite.sharepo
3
2
1
Hosting
Server
Web Browser
SharePoint
Server
3) ACS returns the signed
context token

84. ACS
Server
https://mySPSite.sharepo
Developer Site
3
2
1
4
Hosting
Server
Web Browser
SharePoint
Server
POST https://hosting server/
…
SPAppToken=tbAgAiOiJKV1
QiLCJhbGciOiJIUzI1NiJ9.e…
4) SharePoint renders the page
including an IFRAME, which
will POST the context token to
the Cloud hosted app

85. ACS
Server
https://mySPSite.sharepo
Developer Site
3
2
1
4
Hosting
Server
Web Browser
5
SharePoint
Server
5) The IFRAME causes the
browser to request a page
from the Cloud hosted app
including the context token

86. ACS
Server
https://mySPSite.sharepo
Developer Site
6
3
2
1
4
Hosting
Server
Web Browser
5
SharePoint
Server
6) Cloud hosted app validates the
signature on the context token,
extracts the auth code, and uses its
credentials to request an access
token from ACS

87. ACS
Server
https://mySPSite.sharepo
Developer Site
7
6
3
2
1
4
Hosting
Server
Web Browser
5
SharePoint
Server
7) ACS returns an access token

88. ACS
Server
https://mySPSite.sharepo
Developer Site
7
6
3
2
1
8
4
Web Browser
Hosting
Server
5
SharePoint
Server
8) Cloud-hosted app makes a web
service request to SharePoint,
passing the access token

89. ACS
Server
https://mySPSite.sharepo
Developer Site
7
6
3
2
1
8
4
9
Web Browser
Hosting
Server
5
SharePoint
Server
9) SharePoint returns information to
the Cloud hosted app

90. ACS
Server
https://mySPSite.sharepo
Developer Site
7
6
3
2
1
8
4
9
Web Browser
Hosting
Server
5
SharePoint
Server
Print Report
Email Report
Refresh
10) The Cloud hosted app renders
the IFRAME contents
10

92. App lifecycle management
Installing an App
Manage licensing
Upgrading an App
Backup and restore
Uninstalling an App

93. App lifecycle management
Installing an App
Manage licensing
Upgrading an App
Backup and restore
Uninstalling an App

94. App lifecycle management
Installing an App
Manage licensing
Upgrading an App
Backup and restore
Uninstalling an App

95. App lifecycle management
Installing an App
Manage licensing
Upgrading an App
Backup and restore
Uninstalling an App

96. App lifecycle management
Installing an App
Manage licensing
Upgrading an App
Backup and restore
Uninstalling an App

97. App lifecycle management
Installing an App
Manage licensing
Upgrading an App
Backup and restore
Uninstalling an App

99. Monitoring and logging
Monitoring in Central
Admin
• App usage/Error details
• Timer Jobs
Monitoring in Site
Collections
• App usage/Error details
Logging Categories
• App Management, App Monitoring, Azure
Access Control, App Marketplace,
Marketplace Web Service

101. Napa and Visual Studio
• Napa is complementary to Visual Studio
• Get started in Napa, continue in Visual Studio
• Made it very easy to move to Visual Studio when you want to.
For example:
•
•
•
•
•
Debugger
Support for composing apps for Office & SharePoint
Support additional deployment topologies (i.e. server code)
ALM tools (SCC, Work Items, Profiler, etc.)
Additional SharePoint items (BCS, Workflow, etc.)

102. Napa is an app for SharePoint
JS CSS HTML ASPX
App for Office

103. JSOM & REST (example)
JavaScript object model
var ctx = new SP.ClientContext("http://contosoappUID.spo.com/site/app");
ctx.load(ctx.get_web().get_title());
ctx.executeQueryAsync();
REST/OData
http://contoso-appUID.spo.com/site/app/_api/web/Title
_api/web/lists
_api/web/lists/getByTitle('Documents')
_api/social.feed/my/news
_api/SP.UserProfiles.PeopleManager/getMyProperties()
_api/search/query?Querytext='Marketing'

104. Agenda

105. Agenda

106. In SharePoint 2013… Improvement++

108. Take Away
• Javascript / Jquery , CSOM & REST are getting important
• Clientside (high trust) vs Serverside (full trust)
• Recommended read: SP 2013 App development
• Scott hillier & ted pattison

109. References
• SPC Slide decks:
•
Understanding and Maintaining SharePoint Apps for IT Pros
•
•
SharePoint hosted apps
•
•
Chris Whitehead & Sam Hassani
Yina Arenas
Building Autohosted Apps for SharePoint 2013
•
Richard diZerega
Nathan Miller