SharePoint 2013 Apps - deep dive. We'll look at how they work, what they look like, what they do and how to use apps. It's all about the apps. Apps are good, very good.
2. Use Power Query To Draft A Fantasy Football Team
http://blogs.msdn.com/b/powerbi/archive/2013/10/24/use-power-query-to-draft-a-fantasy-football-team.aspx
9. WHAT DOES THIS HAVE TO DO WITH APPS?
Apps in the cloud
Making apps more robust by using their own resources
Making systems more robust by hosting apps outside of the system
Tying to the cloud, but you don’t have to
Services working together
How and why do you have to make this work?
13. DEVELOPING / HOSTING SECURITY AND AUTH
Auto-hosted
Auto-hosted apps run as a web role in Windows Azure and use the Windows Azure Access Control Service (ACS) to obtain the access token.
Provider-hosted
Provider-hosted apps run on their own servers on the Internet or your intranet, are registered with Windows Azure, and use ACS to obtain the access token*.
SharePoint-hosted
SharePoint-hosted apps run in an app web and can have client-side code but not server-side code. The developer must use certificates or create their own trust.
14. HIGH TRUST VS LOW TRUST
High-trust apps
High-trust apps run on stand-alone servers on your intranet and use a signing certificate to digitally sign the access tokens that the app generates. Typically server to server.
Low-trust apps
Low-trust apps can run anywhere and rely on an OAuth code flow to delegate limited rights to apps to act as users. SharePoint and the client application must trust and communicate with an authentication provider such as Azure Active Directory.
15. SP 2013 AUTH
Claims, Claims, Claims
• Classic is no more, or on its way out
• Distributed Cache
Server to Server
• Exchange, Lync
• BYOI
App Authentication (App Model / App Catalog / CSOM)
• Create apps that use OAuth or other identity provider
• App Permission Policies (User/App, App Only, User Only)
19. APPS ARE PEOPLE TOO
Apps have permissions like users
App principal is like a user identity – a security principal
Apps are granted perms
Different from users
All or nothing / No hierarchy
Apps have default perms
App can run app web
App can include permissions
Install grants / denies permission
21. ACCESS TOKENS
• What’s a token?
Access tokens are issued by the OAuth security token service (STS).
An example of OAuth STS is Windows Azure Access Control Service (ACS) OAuth endpoints.
Other tokens
WS-Federation STS and the Security Assertion Markup Language (SAML) passive sign-in STS are primarily intended to issue sign-in tokens.
Other
22. OAUTH
OAuth is an open standard for authorization
OAuth is not OpenID (authentication/digital ID)
Valet Key
Access Token
Scopes
23. TOKENS
• How to manage the lifetime of the parameters passed from SharePoint, such as SPHostUrl or refresh token?
• How to write an app that can run under different authentication modes without a code change?
• How to handle app URL bookmarking?
• When to renew [an] access token?
The new SharePointContext helper is designed to solve these problems. It is built on TokenHelper, attempting to provide a simplified and unified context model for apps to communicate with
24. PLAN FOR APP AUTHENTICATION
App authentication is the validation of an external app for SharePoint's identity and the authorization of both the app and an associated user when the app requests access to a secured SharePoint resource.
Verify that the requesting app is trusted.
Verify that the type of access that the app is requesting is authorized.
Necessary:
To authorize requests by an app for SharePoint to access SharePoint resources on behalf of a user.
To authenticate apps in the Office Store, an app catalog, or a developer tenant.
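The two checks listed on this slide, applied to the high-trust pattern from slide 14 (a token the app generates and signs with its certificate's key), as an added example that is not from the original deck or from SharePoint's own code. The issuer id, audience, claim set and rights list are constructed assumptions and do not reproduce SharePoint's actual token layout.

```javascript
// Added example: simplified model of a high-trust token check. Issuer id, audience,
// claim set and rights are constructed assumptions, not SharePoint's token layout.
const nodeCrypto = require('crypto');
const b64u = (s) => Buffer.from(s).toString('base64url');

// App side: sign a self-generated token with the certificate's private key.
function issueToken(privateKey, claims) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Server side: trusted is a Map of issuer id -> { publicKey, rights }.
function authorize(token, trusted, audience, right, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'deny: malformed';
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch (e) { return 'deny: malformed'; }
  if (!header || !claims || header.alg !== 'RS256') return 'deny: algorithm';
  // 1. Is the requesting app trusted? Signature must match a registered key.
  const issuer = trusted.get(claims.iss);
  if (!issuer) return 'deny: untrusted issuer';
  const valid = nodeCrypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    issuer.publicKey, Buffer.from(parts[2], 'base64url'));
  if (!valid) return 'deny: bad signature';
  if (claims.aud !== audience) return 'deny: wrong audience';
  if (!(claims.nbf <= now && now < claims.exp)) return 'deny: outside validity';
  // 2. Is the requested access within what the app was granted?
  return issuer.rights.includes(right) ? 'allow' : 'deny: not authorized';
}
// Constructed scenario: one registered app and one unregistered key pair.
function demo() {
  const app = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const trusted = new Map([['hr-app', { publicKey: app.publicKey, rights: ['Read'] }]]);
  const now = 1700000000, aud = 'sharepoint.example';
  const claims = { iss: 'hr-app', aud, nbf: now - 60, exp: now + 600 };
  const good = issueToken(app.privateKey, claims);
  return {
    read: authorize(good, trusted, aud, 'Read', now),
    write: authorize(good, trusted, aud, 'Write', now),
    unregisteredKey: authorize(issueToken(other.privateKey, claims), trusted, aud, 'Read', now),
    stale: authorize(good, trusted, aud, 'Read', now + 3600),
  };
}
```

The order matters: nothing in the claims is acted on until the signature has been checked against a key the server already holds, and the rights come from the server's registration record rather than from the token.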
30. IF YOU WANT TO DO THIS ... | ... USE THESE APIS
ASP.NET web application (CRUD) BCS with Firewall | JavaScript client object model
ASP.NET web application (CRUD) BCS without Firewall | .NET Framework client object model, Silverlight client object model, or REST/OData endpoints
LAMP CRUD BCS | REST/OData endpoints
Windows Phone CRUD | Mobile client object model
Windows Phone Push | Mobile client object model and the server object model
iOS or Android CRUD | REST/OData endpoints
.NET app CRUD | .NET Framework client object model
Silverlight CRUD | Silverlight client object model
HTML/JavaScript CRUD | JavaScript client object model
Office app | JavaScript client object model
Custom Windows PowerShell | Server object model
Create a timer job | REST with Azure / Server object model
31. COMPARING REST/ODATA PROGRAMMING WITH CLIENT OBJECT MODEL PROGRAMMING
Feature | .NET Framework or Silverlight object models | JavaScript object model | REST/OData endpoints called from a Windows platform or JavaScript
Object-oriented programming | Yes | Yes | No
Batch processing | Yes | Yes | No
APIs for conditional processing and exception handling | Yes | No | No
Availability of LINQ syntax | Yes | No | No
Combining list data from different SharePoint web applications | Yes | No | Yes
Familiarity to experienced REST/OData developers | No | No | Yes
Similarity to non-Windows programming or JavaScript programming | No | Yes | Yes
Strong typing for list item fields | No (except with LINQ) | No | Yes, from Windows platform; No, from JavaScript
Leveraging jQuery, Knockout, No, from Windows platform
36. DEMO: HOW TO CREATE A SPAZ IN 10 MINUTES
Autohosted
Azure
OAuth
Steve Fox, MSDN
http://blogs.msdn.com/b/steve_fox/archive/2013/02/18/building-your-first-provider-hosted-app-for-sharepoint-using-windows-azure-part-1.aspx
http://msdn.microsoft.com/en-us/library/fp179887.aspx
Computer as a service – don’t believe me – look at data center on trucks – like legos. A platform, an app?
:20
html5/js on win 8, on win phone, on sp, on azure
It has a good ending
Marvin the Paranoid Android, just like corporations
I hate grammar errors
Twitter/Bitly, sign in with facebook,
Business Decisions, Copy Local = False, No procedural code – JSOM, APPS, REST
Single Page Apps, SharePoint Azure
http only – why you need on prem. All cloud ssl. SP hosted uses client content of parent. Could take a day talking about this app. Talk later. Could be in SP! Tour of other EPSN API – and real azure. https://datamarket.azure.com/application/8efbbc08-beee-4990-a7c0-480ffc5750db
Working - general
Basic Data Ops – Identity Model Issues – Run Local