Building end-to-end apps for SharePoint with Windows Azure and Windows 8
Rob Howard, Donovan Follette
Sr. Program Manager, Sr. Technical Evangelist
3-022

Agenda
• Demo end-to-end solution
• Introduction to _api
• Meet the new App Principal
• Remote Event Receivers

Key Takeaway
With the new cloud app model for SharePoint and its rich service APIs, your apps can now consume SharePoint better than ever before.
Scenario Overview
Business: Company wishes to create a mobile enabled toolset for sales personnel to efficiently respond to sales leads and win business
Technical: Company wants a 100% cloud-based solution and use desktop applications and mobile devices to access the toolset
Windows 8 Application
Microsoft Word with Apps For Office
Internal O365 SharePoint Site
Windows Azure Cloud Services
Windows Azure Workflow Server
Public O365 SharePoint Site
Windows Azure SQL Database
Clients (Desktop/Tablet/Mobile)
Cloud

• View / approve SOWs
• Display Excel Services charts in Word

• View client companies
• View sales leads
• Receive toast and tile and raw notifications
• View Excel Services charts
• Create estimates

• Contact internal sales personnel to follow up on requests for quotes

• Contact vendors to follow up on requests for quotes

• Approve SOWs
• Display, Create, Update, Delete Sales Leads
• Store Excel Documents
• Store SOWs
• Host team sites for projects
• BCS External List

• Submit requests for quote

• Send notifications
• Create SOWs
• Update data in Excel documents
• Create SharePoint project sites

• Facilitate SOW creation, approval, submission, and follow up tasks

• Store sales request data

Windows Azure Access Control Service
• OAuth
Demo using Windows 8, Windows Azure SQL Database, Web Sites and Access Control Services
Lead Tracking app for SharePoint Online
Introduction to _api
Introducing the all new _api
• Client/Server/Mobile Symmetrical
• OAuth Enabled
• 2,000+ Classes
• Declarative, Remote Events
• Fully Remote
• 6,000+ Members
• OData
• JQuery Compatible
• Private and Public Clouds
• JSON

SharePoint 2013 and SharePoint Online _api
[Diagram labels: JavaScript Library, Silverlight Library, .Net CLR Library, Custom Client Code; Client; SharePoint; _api; OData / REST; Execute Query; SharePoint Foundation, User Profile, Search, Taxonomy, Feeds, More…]
Consistent Access to Services
API        REST URL                       Script        Client Namespace
Web        http://weburl/_api/Web         SP            Microsoft.SharePoint.Client
Search     http://weburl/_api/Search      SP.Search     Microsoft.SharePoint.Client.Search
Taxonomy   http://weburl/_api/Taxonomy    SP.Taxonomy   Microsoft.SharePoint.Client.Taxonomy
Social     http://weburl/_api/Social      SP.Social     Microsoft.SharePoint.Client.Social
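Consistent Usage
REST/OData
https://contoso.sharepoint.com/_api/web/Title
Managed Code
using Microsoft.SharePoint.Client;
ClientContext ctx = new ClientContext("https://contoso.sharepoint.com");
ctx.Load(ctx.Web, w => w.Title); // request only the Title property
ctx.ExecuteQuery();
JavaScript
var ctx = new SP.ClientContext("https://contoso.sharepoint.com");
var web = ctx.get_web();
ctx.load(web, "Title"); // request only the Title property
ctx.executeQueryAsync(function () { console.log(web.get_title()); },
  function (sender, args) { console.log(args.get_message()); });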
Sample REST / OData Calls
Base endpoint
GET http://<weburl>/_api
Get the web’s title
GET http://<weburl>/_api/Web/title
Get the collection of lists in the web
GET http://<weburl>/_api/Web/lists
Get the lists in the web with a BaseTemplate of 104 (announcement lists)
GET http://<weburl>/_api/Web/lists?$filter=BaseTemplate eq 104
Create a new list
POST http://<weburl>/_api/web/Lists
Body:
{ 'd' : {
  '__metadata': {'type': 'SP.List'},
  'Title': 'My New List',
  'Url': 'newlist',
  'TemplateType': 101,
  'TemplateFeatureId': '00BFEA71-E717-4E80-AA17-D0C71B360101'
} }
demo
SharePoint _API
Meet the App Principals
(Rob)
Contoso photo
Contoso
View
View, Upload, Tag, Comment
View, Upload, Tag, Comment, Change Password
App Model: Past, Present and Future
SharePoint
SharePoint 2007
Sandbox
SharePoint 2010
SharePoint
Azure, IIS, LAMP, etc…
_api
SharePoint 2013
OAuth 2.0
What: The protocol to handle the authorization flow. Based on existing internet implementations
Why:
Functionality
• App and User identities
• Established model for granting app access
• Simple
Other
• Engineering efficiencies
• Good adoption
• Clear architectural roadmap
Authentication
[Flowchart from Start to End. Yes/No decisions: User credentials provided? App token provided? App token includes user? Outcomes: User only context, App only context, User + App context, Anonymous context.]
SharePoint Context Token
[Diagram: Browser, SharePoint Server, App.com, STS (ACS), with numbered arrows for the steps below]
1) User browses to a SharePoint page with an app from app.com on it
2) SharePoint asks ACS to create and sign a token which contains context information (e.g. the current user) and an auth code
3) ACS returns the signed context token
4) SharePoint renders the page including an iframe, which will POST the context token to app.com
POST https://app.com/…
SPAppToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e…
5) The iframe causes the browser to request a page from app.com including the context token
6) App.com validates the signature on the context token, extracts the auth code, and uses its credentials to request an access token from ACS
7) Windows Azure Access Control Service (ACS) returns an access token
8) App.com makes a web service request to SharePoint, passing the access token
9) SharePoint returns information to App.com
10) App.com renders the iframe contents
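Step 6 above as an added example (not code from the presentation): app.com checking a context token in Node.js before it uses the auth code inside. It assumes an HS256 token, as in the SPAppToken header shown in step 4; the secret, the audience value, the refreshtoken claim name for the auth code, and the function names are assumptions made for the example.

```javascript
const crypto = require("crypto");

const hmac = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest();
const decode = (part) =>
  JSON.parse(Buffer.from(part, "base64url").toString("utf8")) || {};

// Returns the verified claims, or throws with the reason for rejection.
// opts: { secret, audience, now } with now in seconds since the epoch.
function validateContextToken(token, opts) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = decode(h);
    claims = decode(p);
  } catch (e) {
    throw new Error("malformed token");
  }
  // Pin the algorithm on the server; a token must not pick its own ("none").
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  // Recompute the MAC over header.payload and compare in constant time.
  const expected = hmac(`${h}.${p}`, opts.secret);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) throw new Error("bad signature");
  // Only after the signature check are the claims worth inspecting.
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  if (claims.aud !== opts.audience) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || now >= claims.exp) throw new Error("expired");
  if (typeof claims.nbf === "number" && now < claims.nbf) throw new Error("not yet valid");
  // Assumption: the auth code travels in a claim named "refreshtoken".
  if (typeof claims.refreshtoken !== "string") throw new Error("no auth code");
  return claims;
}

// Builds a constructed sample token so the example runs offline.
function makeSampleToken(claims, secret, alg = "HS256") {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const signed = `${enc({ typ: "JWT", alg })}.${enc(claims)}`;
  const sig = alg === "none" ? "" : hmac(signed, secret).toString("base64url");
  return `${signed}.${sig}`;
}

// Constructed demo values; none of them come from a real tenant.
const demoClaims = { aud: "app.com", exp: 2e9, refreshtoken: "constructed-code" };
const demoToken = makeSampleToken(demoClaims, "constructed-secret");
console.log(validateContextToken(demoToken, { secret: "constructed-secret", audience: "app.com" }).aud);
```

The signature check runs before any claim is read, so a forged audience or expiry never reaches application logic.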
demo
A basic remote app
OAuth Standards Resources
• The OAuth 2.0 Authorization Protocol
• The OAuth 2.0 Authorization Protocol: Bearer Tokens
• JSON Web Token (JWT)
• IETF OAuth WG homepage
SharePoint 2013 & Windows Azure Workflow
[Diagram labels: People, Content, Events, Collab; Visual Studio; SharePoint Designer; SharePoint WF3 Host; SharePoint OM, _API; Workflow Services Manager; MTW; Azure Service Bus; Azure Workflow; Azure Access Control; OAuth2; Instances; Interop; Deployment; Messaging; WF4 Service Application Proxy]
Remote Event Receivers
App Server
Remote Event
Push Notifications
demo
Remote Event Receivers
Takeaways
• SharePoint 2013 has a broad, powerful set of service APIs available to clients of a comprehensive set of technologies
• SharePoint 2013 independently authenticates both users and app principals
• Using the deep set of APIs and standard web technologies you can build a new class of innovative productivity solutions by accessing SharePoint as a service
Related Sessions
• Today 12:00 PM – B92 Stinger – Developing an App for SharePoint Autohosted…
Office, SharePoint & More Resources
• http://dev.office.com
• http://blogs.msdn.com/b/officeapps
• http://dev.windows.com
• http://windowsazure.com
Please submit session evals on the Build Windows 8 App or at http://aka.ms/BuildSessions
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Overflow
Two Aspects to Access Control
Authentication: verifying a claim made by a subject that it should be allowed to act on behalf of a given principal
Authorization: verifying that an authenticated subject has permission to perform certain operations or access specific resources
App Authentication
[Diagram, three variants, each showing the SharePoint “Host” Web and the SharePoint “AppWeb”: App Web JavaScript; JavaScript (cross domain); OAuth]
App Identity Online and On-Prem
In the cloud
• Windows Azure Active Directory (AD) comes with O365
• Apps use ‘3-legged’ OAuth
On-Premises
• Cert-based trust
• On-prem to on-prem
Hybrid
• Use O365 Azure AD with on-prem SP
• Supports marketplace and on-prem apps
[Diagram labels: Cloud: Azure AD, App, Office 365; On-Prem: App, SharePoint]
Authorization
Authorization Logical Model
Apps have Identity (separate from Users)
• Ex: Printing App is distinct from the user using the Printing app
Access is based on Grants
• Grants are available to AccessCheck
• Grants have scopes and rights
• Ex: Printing App has READ right on “Picture Library”
AccessCheck makes a decision using
• Identities (User, Application)
• Resource Attributes (ACLs)
• Policies: User Only, App & User, App Only
Permission Requests
Apps must request the permissions they require to run
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Read"/>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write">
    <Property Name="BaseTemplateId" Value="101"/>
  </AppPermissionRequest>
  <AppPermissionRequest Scope="http://sharepoint/social/microfeed" Right="Manage"/>
  <AppPermissionRequest Scope="http://sharepoint/search" Right="Query"/>
</AppPermissionRequests>
Permission Requests
Scope="http://sharepoint/content/sitecollection" Right="Read"/>
[Callouts on the line above: Product, Permission Provider, Specific component, Capability]
Consent
App Name Here
Available App Permissions
Scope                                                 Right
http://sharepoint/content/tenant                      Read;Write;Manage;FullControl
http://sharepoint/content/sitecollection              Read;Write;Manage;FullControl
http://sharepoint/content/sitecollection/web          Read;Write;Manage;FullControl
http://sharepoint/content/sitecollection/web/list     Read;Write;Manage;FullControl
http://sharepoint/bcs/connection                      Read
http://sharepoint/search                              QueryAsUserIgnoreAppPrincipal
http://sharepoint/projectserver                       Manage
http://sharepoint/projectserver/projects              Read;Write
http://sharepoint/projectserver/projects/project      Read;Write
http://sharepoint/projectserver/enterpriseresources   Read;Write
http://sharepoint/projectserver/statusing             SubmitStatus
http://sharepoint/projectserver/reporting             Read
http://sharepoint/projectserver/workflow              Elevate
http://sharepoint/social/tenant                       Read;Write;Manage;FullControl
http://sharepoint/social/core                         Read;Write;Manage;FullControl
http://sharepoint/social/microfeed                    Read;Write;Manage;FullControl
http://sharepoint/taxonomy                            Read;Write
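A review check for the permission requests and scope table above, added here as an example and not part of the presentation: it lists the requests in an AppPermissionRequests fragment that go beyond narrow, user-bound access. The thresholds (flagging Manage, FullControl, tenant scopes and app-only policy) and the function names are assumptions chosen for the example.

```javascript
// Policy thresholds are assumptions for this example, not SharePoint rules.
const HIGH_RIGHTS = new Set(["Manage", "FullControl"]);
const TENANT_WIDE = /^http:\/\/sharepoint\/(content|social)\/tenant$/;

// Pulls one attribute value out of a tag's attribute text.
const attr = (text, name) =>
  (new RegExp(`\\b${name}\\s*=\\s*"([^"]*)"`).exec(text) || [])[1];

// Returns { appOnly, requests: [{ scope, right }] } from a manifest fragment.
function parsePermissionRequests(xml) {
  const root = /<AppPermissionRequests\b([^>]*)>/.exec(xml);
  if (!root) throw new Error("no AppPermissionRequests element");
  const requests = [];
  // \b keeps this from matching the plural root element.
  for (const m of xml.matchAll(/<AppPermissionRequest\b([^>]*)>/g)) {
    requests.push({ scope: attr(m[1], "Scope"), right: attr(m[1], "Right") });
  }
  return { appOnly: attr(root[1], "AllowAppOnlyPolicy") === "true", requests };
}

// Returns one finding string per request a reviewer should question.
function reviewPermissionRequests(xml) {
  const { appOnly, requests } = parsePermissionRequests(xml);
  const findings = [];
  if (appOnly) findings.push("AllowAppOnlyPolicy: app can act with no user in context");
  for (const { scope, right } of requests) {
    if (!scope || !right) findings.push("request missing Scope or Right");
    else if (TENANT_WIDE.test(scope)) findings.push(`${scope}: tenant-wide ${right}`);
    else if (HIGH_RIGHTS.has(right)) findings.push(`${scope}: ${right}`);
  }
  return findings;
}

// The manifest fragment shown on the Permission Requests slide.
const SLIDE_MANIFEST = `
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Read"/>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write">
    <Property Name="BaseTemplateId" Value="101"/>
  </AppPermissionRequest>
  <AppPermissionRequest Scope="http://sharepoint/social/microfeed" Right="Manage"/>
  <AppPermissionRequest Scope="http://sharepoint/search" Right="Query"/>
</AppPermissionRequests>`;

console.log(reviewPermissionRequests(SLIDE_MANIFEST).join("\n"));
```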