(Rob) Contoso photo Contoso ? Contoso photo Contoso.

Developing Hybrid apps for SharePointRob HowardProgram Manager, SharePoint Developer

SPC088

• Review of SharePoint app authentication• Online, on-prem, and hybrid scenarios• Access tokens and issuers• Configuring a hybrid SharePoint

environment• Creating a hybrid SharePoint app

Agenda

App authentication review

Contoso photo

Contoso photo

Contoso

?Contoso photo

Contoso

Contoso photo

Contoso

View

View

Contoso photo

Contoso

View, Upload, Tag, Comment

View, Upload, Tag, Comment

Contoso photo

Contoso

View, Upload, Tag, Comment, Change Password


Contoso photo

Contoso


Contoso photo

Contoso


View

Contoso photo

Contoso

SharePoint

SharePoint 2007

Sandbox

SharePoint 2010

SharePoint

Azure, IIS, LAMP, etc…

_api

SharePoint 2013

Cloud App Model: Past and Present

Hybrid app scenarios

• Selling a product built from a single codebase to on-prem customers and O365 customers

• Creating an app that work both online and on-prem for customers with a presence in both

• Connecting an app running in the cloud to SharePoint running on-prem or vice versa

Hybrid Scenarios

App Identity Online and On-PremIn the cloudWindows Azure AD comes with O365Apps use ‘3-legged’ OAuth

Clo

ud

Azure AD

AppOffice 365


On-PremisesCert-based trustOn-prem to on-prem

On-P

rem

Clo

ud

Azure AD

AppOffice 365

AppSharePoi

nt


On-PremisesCert-based trustOn-prem to on-prem

HybridUse O365 Azure AD with on-prem SPSupports marketplace and on-prem apps

Azure AD

AppOffice 365

AppSharePoi

nt

Clo

ud

On-P

rem

• No autohosted apps in on-prem farms• Cross-firewall server-side calls• Azure AD is only available as part of O365

Hybrid app challenges

SharePoint“Host” Web

App Web JavaScript

App Authentication

SharePoint“AppWeb”

Firewall


App Authentication

JavaScript(cross domain)


Firewall

Demo: SharePoint-hosted apps on-prem and onlineRob Howard

Firewall


App Authentication

OAuth


Access tokens and issuers

SharePointRemote App

Access Token



Trusted SecurityToken Issuer

Access Token

OAuth-authenticated requestPOST https://fortworth.sharepoint.com/_vti_bin/client.svc/ProcessQuery HTTP/1.1Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEs…Content-Type: text/xmlHost: fortworth.sharepoint.comContent-Length: 606Expect: 100-continueAccept-Encoding: gzip, deflate

<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="15.0.0.0"…

Access token

Decoded access token { "typ":JWT "alg":RS256 "x5t":34-64-C5-BD-D2-BE-7F-2B-61-12-E2-F0-8E-9C-00-24-E3-3D-9F-E0 } { "aud":00000003-0000-0ff1-ce00-000000000000/fortworth.sharepoint.com@2c439330-685e-4c13-817b-e057b9637ad0 "iss":00000001-0000-0000-c000-000000000000@2c439330-685e-4c13-817b-e057b9637ad0 "nbf":2012-11-09 16:07:26Z (11/9/2012 8:07:26 AM) - 1352477246 "exp":2012-11-10 04:07:26Z (11/9/2012 8:07:26 PM) - 1352520446 "nameid":10037ffe831d4d4c "actor":e1ec2ca5-301c-4275-add3-f1f7252f3b4b@2c439330-685e-4c13-817b-e057b9637ad0 "identityprovider":urn:federation:microsoftonline }

Thumbprint

Issuer


Audience




Access Token

Access tokens and issuers (Online)

SharePoint Online

Remote App

Trusted SecurityToken Issuer (ACS)

Access Token

Azure AD

ACS Proxy

Access tokens and issuers (On-Prem)

SharePoint On-Prem

Remote App


Access Token

Azure AD

ACS Proxy

Demo: Building a high-trust app on-premRob Howard




Access Token

Access tokens and issuers (Hybrid)

SharePoint On-Prem

Remote App


Access Token

Azure AD

ACS Proxy

Demo: Configuring ACS as a trusted issuer on-premRob Howard




Access Token

Access tokens and issuers (Online)



Access Token

Azure AD

ACS Proxy

Azure AD

Creating a hybrid app



SharePoint


Demo: Apps that use both high-trust and 3-legged OAuthRob Howard

Remote App

Remote App

Azure AD

Access tokens and issuers (Hybrid)

SharePoint Online

Remote App


SharePoint On-prem


• The new cloud app model is designed to work both on-prem and in the cloud

• Use high-trust (S2S) in pure on-prem environments

• Use a hybrid configuration to connect on-prem SharePoint farms to apps in the cloud

• Build hybrid apps that can work in on-prem and online environments with a single codebase

Takeaways

Evaluate this session now on MySPC using your laptop or mobile device: http://myspc.sharepointconference.com

MySPC

http://myspc.sharepointconference.com/

http://myspc.sharepointconference.com/

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

(Rob) Contoso photo Contoso ? Contoso photo Contoso.

Documents

Transcript of (Rob) Contoso photo Contoso ? Contoso photo Contoso.