Creating Sharepoint 2013 Apps in the cloud.Marat BakirovReadify

APT002

2

QuestionsWho has NOT seen Brian’s previous session?Who has ever created apps for Sharepoint 2013?Who has an Office 365 account and utilises it?Who has ever used JavaScript CSOM object model?.

3

Contents• What is a Sharepoint App? • Sharepoint Hosted App challenges• Cloud hosted apps• Recap

4ServerClient

Bro

wse

r Hos

t

What is app?

Web Server H

ost

Client-side LogicHTML / CSS / Javascript

Office JS SharePoint JS (CSOM)

SharePoint&

Exchange

Server-side LogicAny language

Office

Web

App

s

Win

RT

Mac

Mob

ile

Win

32

APPProvider-hosted

Oth

erE.

g. L

AMP

IIS /

ASP

.Net

Win

dow

sAzu

re

CSOM REST

On-premises

IE

Chr

ome

Fire

Fox

Safa

ri

Tier 1 Tier 2

OtherECMAScript 5

Online

SharePoint

SQL

Workflow

Autohosted

SQL

Web Sites

Clie

nt A

PIs Server

APIs

5

Manifest SharePoint

Office Store

SharePoint App Catalog

Web Browser

Anatomy of a Sharepoint Hosted app.

Javascript, REST, etc

6

Manifest SharePoint

Office Store

SharePoint App Catalog

Web Browser

Anatomy of a Cloud Hosted app.Web Server: Azure, IIS, LAMP, etc…

Server code in ASP.NET Client code for Sharepoint

7

App Hosting

Get remote events from SharePoint Use CSOM/REST + OAuth

Cloud-hosted apps

Provider-hosted App

“Bring your own server hosting infrastructure”

SharePoint

Web

Your Hosted

Site

Autohosted AppWindows Azure + SQL

Azure provisioned automatically as apps

are installed

Azure SharePoint Web

App Web (from WSP)

Hostweb

SharePoint-Hosted App

Reuse web elements (lists, out-of-box web parts)

Client side technologies

8

App Shapes for SharePoint

Full page

Implement complete app experiences to satisfy business scenarios

PartsCreate app parts that can interact with the SharePoint experience

UI Command extensionsAdd new commands to the ribbon and item menus

9

Contents• What is a Sharepoint App? • Sharepoint Hosted App Challenges• Cloud hosted apps• Recap

10

SharePoint component isolation1 app installation = 1 “app web”

App webs are isolated in their own domain:

Leverages web browser same-origin policy for script isolation

Host web

App web

https://contoso.sharepoint.com/site/

https://contoso-appUID.sharepoint.com/site/app/

JSOM & RESTJavaScript object model

var ctx = SP.ClientContext.get_current();ctx.load(ctx.get_web().get_title());ctx.executeQueryAsync();

REST/ODatahttp://contoso-appUID.spo.com/site/app/_api/web/Title

_api/web/lists_api/web/lists/getByTitle('Documents')

_api/social.feed/my/news_api/SP.UserProfiles.PeopleManager/getMyProperties()_api/search/query?Querytext='Marketing'

Same origin policy!• Oops!

Client context and cross site callsTo access artefacts outside of the appweb:1. Request permission to the scope you want

to access2. Make your CSOM request using the right

client context.

var ctx = new SP.ClientContext(appWebUrl);var appContextSite = new SP.AppContextSite(ctx, hostWebUrl);ctx.Load(appContextSite.get_web());

14

Sharepoint hosted app and what you can do with itMarat BakirovReadify

15

Contents• What is a Sharepoint App? • Sharepoint Hosted App Challenges• Cloud hosted apps• Recap

16

Why would we use cloud hosted app?• Server code in your way• ASP.NET, ASP.NET MVC, C#, PHP, Java, Ruby, etc.

• Privileges elevation• Your app code does something user cannot do

• Remote event receivers• App installing /deleting• elements, lists, webs, etc.

17

App PermissionsApp permissions are configured in the app manifestDevelopers specify the permissions the app needs to be able to run

Apps request permissions during installationGranting app permission is all or nothing (installer can’t pick a chose what to grant from the request)

Apps must be granted permissions by the user executing the appUsers can only grant the permissions they have

Azure Access Control Service (ACS) plays the role of the authorization serverAzure ACS stores basic information about the app and provides apps access tokens for calling SharePoint APIs.

18

App policy• App + User policy• User AND an App should have resource permissions• No access or “element not found” errors

• App-only policy• Only app can should have permissions• Can access resource without SharePoint context• Server code only.

19

App-only PolicyScenarios:1. Privileges elevation2. Accessing Sharepoint without user context

How?3. Add AllowAppOnlyPolicy to AppManifest.xml4. Add code for getting app only access token

Normal call vs. app callusing (var clientContext = TokenHelper.GetClientContextWithContextToken(hostWeb, contextToken, Request.Url.Authority)){

var list = clientContext.Web.Lists.GetById(new Guid(listId));...clientContext.ExecuteQuery();

}

var contextTokenObject = TokenHelper.ReadAndValidateContextToken(contextToken, Request.Url.Authority);

var appOnlyAccessToken = TokenHelper.GetAppOnlyAccessToken(contextTokenObject.TargetPrincipalName,

new Uri(hostWeb).Authority, contextTokenObject.Realm);

using (var clientContext = TokenHelper.GetClientContextWithAccessToken(hostWeb, appOnlyAccessToken.AccessToken)){ var list = clientContext.Web.Lists.GetById(new Guid(listId)); clientContext.ExecuteQuery();}

First POST callvar contextToken = (string) this.Session["Token"] ?? TokenHelper.GetContextTokenFromRequest(Page.Request); var hostWeb = Page.Request["SPHostUrl"]; this.Session["Token"] = contextToken;

Simpler in 2013

POST!!!

22

What is Chrome control?

23

Cloud hosted app and what you can do withMarat BakirovReadify

24

Highlights and challenges1) Your app is called with POST2) No one will store a token for you3) F5 debugging.4) Chrome control to get Sharepoint styling

and a link to a host web.

25

Contents• What is a Sharepoint App? • Sharepoint Hosted App Challenges• Cloud hosted apps• Recap

26

Key points recapSharepoint client code only!AppWeb vs Host WebFirst call to hosted app is POSTApp permissions + app only policy gives elevationCustom actions, remote event receivers and lots of other stuff

27

Call to action

Developer Network

Resources for Developers

http://msdn.microsoft.com/en-au/

Learning

Virtual Academy

http://www.microsoftvirtualacademy.com/

TechNet

Resources

Sessions on Demand

http://channel9.msdn.com/Events/TechEd/Australia/2013

Resources for IT Professionals

http://technet.microsoft.com/en-au/

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.