SharePoint 2013 Apps and the App Model

43
PHILADELPHIA CODE CAMP 2013.2 SHAREPOINT 2013 APPS

description

SharePoint 2013 Apps - deep dive. We'll look at they work, what they look like, what they do and how to us apps. Its all about the apps. Apps are good, very good.

Transcript of SharePoint 2013 Apps and the App Model

Page 1: SharePoint 2013 Apps and the App Model

PHILADELPHIA CODE CAMP 2013.2

SHAREPOINT 2013 APPS

Page 2: SharePoint 2013 Apps and the App Model

Use Power Query To Draft A Fantasy Football Team

http://blogs.msdn.com/b/powerbi/archive/2013/10/24/use-power-query-to-draft-a-fantasy-football-team.aspx

Page 3: SharePoint 2013 Apps and the App Model

BUSINESS HEARTS MICROSOFT

Page 4: SharePoint 2013 Apps and the App Model

AGENDAClouds

Apps and Clouds

Security – for apps, clouds

Apps are People too (with wallets)

Apps Old > New

Lots O Demos

Page 5: SharePoint 2013 Apps and the App Model

WHAT IS SHAREPOINT IN RELATION TO THE CLOUD

Page 5

Page 6: SharePoint 2013 Apps and the App Model

IAAS VS PAAS VS SAAS

Page 6

Page 7: SharePoint 2013 Apps and the App Model

5-3-2 CLOUD

Page 7

Page 8: SharePoint 2013 Apps and the App Model

WHAT DOES THIS HAVE TO DO WITH APPS?

Page 8

Page 9: SharePoint 2013 Apps and the App Model

WHAT DOES THIS HAVE TO DO WITH APPS?

Apps in the cloud

Making apps more robust by using their own resourcesMaking systems more robust by hosting apps outside of the system

Tying to the cloud, but you don’t have to

Services working together

How and why do you have to make this work?

Page 9

Page 10: SharePoint 2013 Apps and the App Model

APPS HAVE TO LIVE SOMEWHERE

Why Not the Cloud?

Page 11: SharePoint 2013 Apps and the App Model

TYPES OF HOSTING OPTIONS

Page 11

Page 12: SharePoint 2013 Apps and the App Model

TYPES OF HOSTING

Page 12

Page 13: SharePoint 2013 Apps and the App Model

DEVELOPING / HOSTING SECURITY AND AUTH Auto-hosted

Auto hosted apps run as a web role in Windows Azure and use the Windows Azure Access Control Service (ACS) to obtain the access token.

Provider-hosted Provider-hosted apps run on their own servers on the Internet or your intranet, are registered with Windows Azure, and use ACS to obtain the access token*.

SharePoint-hosted SharePoint hosted apps run in an appweb, can have client side code but not server side code. Developer must use certificates or create their own trust

Page 13

Page 14: SharePoint 2013 Apps and the App Model

HIGH TRUST VS LOW TRUST

High-trust apps High-trust apps run on stand-alone servers on your intranet and use a signing certificate to digitally sign the access tokens that the app generates. Typically server to server.

Low-Trust apps Low trust apps can run anywhere and run on an Oauth code flow to delegate limited rights to apps to act as users. SharePoint and client application must trust and communicate with an authentication provider such as azure active directory.

Page 14

Page 15: SharePoint 2013 Apps and the App Model

SP 2013 AUTHClaims, Claims, Claims• Classic is no more, or on its way out• Distributed Cache

Server to Server• Exchange, Lync• BYOI

App Authentication (App Model / App Catalog / CSOM)• Create apps that use Oauth or other identity provider• App Permission Policies (User/App, App Only, User Only)

Page 15

Page 16: SharePoint 2013 Apps and the App Model

LOW TRUST APPS IN SHAREPOINT 2013

Page 16

Page 17: SharePoint 2013 Apps and the App Model

BCS HYBRID AND OAUTH – THE DANCE (EXAMPLE)

Page 17

Page 18: SharePoint 2013 Apps and the App Model

PSYCHOLOGY AND THE SHAREPOINT 2013 APP MODEL

Page 19: SharePoint 2013 Apps and the App Model

APPS ARE PEOPLE TOO

Apps have permission like users

App principle is like a user identify – a security principle

Apps are granted perms Differ than users All or nothing / No hierarchy

Apps have default perms App can run app web App can include permissions Install grants / denies permission

Page 19

Page 20: SharePoint 2013 Apps and the App Model

IDENTITY

Page 20

Page 21: SharePoint 2013 Apps and the App Model

ACCESS TOKENS

• What’s a token?

Access tokens are issued by the OAuth security token service (STS). An example of OAuth STS is Windows Azure Access Control Service (ACS) OAuth endpoints.

Other tokens WS-Federation STS and the Security Assertion Markup Language (SAML) passive sign-in STS are

primarily intended to issue sign-in tokens Other

Page 21

Page 22: SharePoint 2013 Apps and the App Model

OAUTH

OAuth is an open standard for authorization

OAuth is not OpenID (authentication/digital ID)

Valet Key

Access Token

Scopes

Page 22

Page 23: SharePoint 2013 Apps and the App Model

TOKENS

•How to manage the lifetime of the parameters passed from SharePoint, such as SPHostUrl or refresh token? •How to write an app that can run under different authentication modes without a code change? •How to handle app URL bookmarking? •When to renew [an] access token?

The new SharePointContext helper is designed to solve these problems. It is built on TokenHelper, attempting to provide a simplified and unified context model for apps to communicate with SharePoint.

Page 24: SharePoint 2013 Apps and the App Model

PLAN FOR APP AUTHENTICATION

App authentication is the validation of an external app for SharePoint's identity and the authorization of both the app and an associated user when the app requests access to a secured SharePoint resource

Verify that the requesting app is trusted.

Verify that the type of access that the app is requesting is authorized.

Necessary :

To authorize requests by an app for SharePoint to access SharePoint resources on behalf of a user.

To authenticate apps in the Office Store, an app catalog, or a developer tenant.

Page 24

Page 25: SharePoint 2013 Apps and the App Model

SHAREPOINT 2013 APPS

Sharepoint

APPS

JS/5/CSOM

Oauth

REST

Page 26: SharePoint 2013 Apps and the App Model

SANDBOX SOLUTIONS

“SharePoint sandboxed solutions are deprecated in SharePoint 2013 in favor of developing apps for SharePoint: link”.

Page 27: SharePoint 2013 Apps and the App Model

SANDBOX SOLUTIONS

Page 28: SharePoint 2013 Apps and the App Model

SANDBOX SOLUTIONS ARE NOT DEAD

Page 29: SharePoint 2013 Apps and the App Model

EXTENSIONS AND APIS

Page 30: SharePoint 2013 Apps and the App Model

IF YOU WANT TO DO THIS ...... USE THESE APIS

ASP.NET web application (CRUD) BCS with Firewall JavaScript client object model

ASP.NET web application (CRUD) BCS without Firewall.NET Framework client object model, Silverlight client object model, or REST/OData endpoints

LAMP CRUD BCS REST/OData endpoints

Windows Phone CRUD Mobile client object model

Windows Phone PushMobile client object model and the server object model

iOS or Android CRUD REST/OData endpoints

.NET app CRUD .NET Framework client object model

Silverlight CRUD Silverlight client object model

HTML/JavaScript CRUD JavaScript client object model

Office spp JavaScript client object model

custom Windows PowerShell Server object modelCreate a timer job REST with Azure/ Server object model

Page 31: SharePoint 2013 Apps and the App Model

COMPARING REST/ODATA PROGRAMMING WITH CLIENT OBJECT MODEL PROGRAMMING

Feature.NET Framework or Silverlight object models

JavaScript object modelREST/OData endpoints called from a Windows platform or JavaScript

Object-oriented programming Yes Yes No

Batch processing Yes Yes NoAPIs for conditional processing and exception handling

Yes No No

Availability of LINQ syntax Yes No No

Combining list data from different SharePoint web applications

Yes No Yes

Familiarity to experienced REST/OData developers

No No Yes

Similarity to non-Windows programming or JavaScript programming

No Yes Yes

Strong typing for list item fields

No (except with LINQ) NoYes, from Windows platformNo, from JavaScript

Leveraging jQuery, Knockout, and other JavaScript libraries

No YesNo, from Windows platformYes, from JavaScript

Page 32: SharePoint 2013 Apps and the App Model

CLIENT APPLICATIONS AND APIS IN SHAREPOINT

Page 33: SharePoint 2013 Apps and the App Model

SPA

Page 34: SharePoint 2013 Apps and the App Model

SP-AZ = SPAZZIES

Page 35: SharePoint 2013 Apps and the App Model

ULTIMATE DEVELOPER FANTASY FOOTBALL APP Durandal.js - SPA

Knockout.js

Breesze.js

ESPN API

JSON

Twitter Bootsrap

MVVM

Page 36: SharePoint 2013 Apps and the App Model

DEMO: HOW TO CREATE A SPAZ IN 10 MINUTES Autohosted

Azure

Oauth

Steve Fox, MSDN

http://blogs.msdn.com/b/steve_fox/archive/2013/02/18/building-your-first-provider-hosted-app-for-sharepoint-using-windows-azure-part-1.aspx

http://msdn.microsoft.com/en-us/library/fp179887.aspx

Page 37: SharePoint 2013 Apps and the App Model

AZURE HOSTED

Azure

Oauth

Autohosted

Page 38: SharePoint 2013 Apps and the App Model

CRUD REST

Auto / Provider Hosted

REST

JSON

ATOM

ODATA

Page 39: SharePoint 2013 Apps and the App Model

SQL AZURE AND SHAREPOINT SQL Azure

Autohosted

CSOM

Page 40: SharePoint 2013 Apps and the App Model

APP: TWITTER IN AZURE AND SHAREPOINT SharePoint Hosted

Azure Hosted

Twitter API

Oauth

Page 41: SharePoint 2013 Apps and the App Model

VIDEO PLAYLIST

JSOM (JS and JQuery) / CSOM

HTML Video API

SharePoint Hosted

Page 42: SharePoint 2013 Apps and the App Model

REFERENCES David Aiken & Dan Wesley SharePoint 2013 on Windows Azure Infrastructure_v1 http://www.microsoft.com/en-us/download/details.aspx?id=38428

Robert G Carter, Duke Uniersity OIT http://people.duke.edu/~rob/kerberos/authvauth.html

Yung Chou http://blogs.technet.com/b/yungchou/

Connecting a PaaS Application to an IaaS application with a Virtual Network – Yung Chou, MS Tech Evangelist

http://blogs.technet.com/b/yungchou/archive/2011/03/03/chou-s-theories-of-cloud-computing-the-5-3-2-principle.aspx

Andrew Connell http://www.pluralsight.com/training/Authors/Details/andrew-connell

SharePoint 2013 Developer Ramp Up

Creating a SharePoint Server 2013 Environment for Development and Testing

Josh Gavant http://blogs.msdn.com/b/besidethepoint/archive/2012/12/13/10376205.aspx

Frank LaVigne http://franksworld.com/blog/

Introduction to Windows Azure Access Control Services Virtual Lab

Keith Mayer http://blogs.technet.com/b/keithmayer/

Introduction to Windows Azure Virtual Machines – Keith Mayer, MS Developer Evangelist

http://blogs.technet.com/b/keithmayer/archive/2013/01/07/step-by-step-build-a-free-sharepoint-2013-lab-in-the-cloud-with-windows-azure-31-days-of-servers-in-the-cloud-part-7-of-31.aspx

Page 42

Page 43: SharePoint 2013 Apps and the App Model

REFERENCES

MSDN, Technet, Microsoft, Wikipedia

http://www.techjailbreak.com/microsoft-has-launched-application-store-office-store/

http://blogs.msdn.com/b/uksharepoint/archive/2013/03/25/sharepoint-2013-development-apps-versus-solutions.aspx

http://download.microsoft.com/download/6/4/4/644BA525-96CB-4739-B08F-18949A9BDADC/spc-2013-bcs-hybrid-model.pdf

http://technet.microsoft.com/en-us/library/jj219806.aspx

http://msdn.microsoft.com/en-us/library/fp179887.aspx

http://msdn.microsoft.com/en-us/library/fp142384.aspx

http://msdn.microsoft.com/en-us/library/fp142382.aspx

Page 43