OAuth and SharePoint 2013 Provider Hosted apps

  • Published on 01-Nov-2014

DESCRIPTION

A deep dive into OAuth and a look at provider hosted apps in SharePoint 2013, including how to host an app in Azure and add it to SharePoint

Transcript

<ul>
<li> 1. 630 Freedom Business Center Drive, 3rd Floor, King of Prussia, PA 19406. 2013 CapTech Ventures, www.captechconsulting.com. Tri-State SharePoint: SharePoint 2013 Auth, Giving an app a first class identity. James Tramel, May 14, 2013 </li>
<li> 2. 2012 CapTech Ventures, Inc. All rights reserved. CapTech: Philadelphia, DC, Richmond and Charlotte based practices. MC/SI/DMBI - thought leadership. Technology agnostic, several MS folks in SI practice. We're local and community focused: Philabundance, Run to Rebuild, United Way. Page 2 </li>
<li> 3. Agenda: Clouds and SharePoint, Clouds and Apps, Clouds and You. OAuth small demo. Authorization vs Authentication. OAuth, Apps and Identity. Hosting and Trust. Demo </li>
<li> 4. Cloudy with a chance of meatballs </li>
<li> 5. The Cloud: compute as a service utility. Bing Maps Data Center in a minute: http://www.youtube.com/watch?v=XbKunHnuIcA Modular Data Center Overview: http://www.youtube.com/watch?v=LiMq_5L1MQg Inside a Modular Data Center: http://www.youtube.com/watch?v=nIliMskAHro </li>
<li> 6. What is SharePoint? Application or platform? What's the difference between these things: - Office 365, BPOS - SharePoint Online - SharePoint on Premise - SharePoint Hybrid - SharePoint 2010 - SharePoint 2013 - Foundation, Server and Enterprise - SharePoint in Azure, AWS, RackSpace, Cloudshare </li>
<li> 7. What is SharePoint in relation to the cloud </li>
<li> 8. Cloud Continuum </li>
<li> 9. IaaS vs PaaS vs SaaS </li>
<li> 10. IaaS vs PaaS vs SaaS </li>
<li> 11. IaaS vs PaaS vs SaaS </li>
<li> 12. 5-3-2 Cloud </li>
<li> 13. What does this have to do with apps? </li>
<li> 14. What does this have to do with apps? Apps in the cloud. Making systems and apps more robust. Tying to the cloud, but you don't have to. Services working together. How do you make this work? </li>
<li> 15. What else is going on in the web? Twitter, Tumblr, Bitly, Facebook, Instagram, Wordpress, Geolocation </li>
<li> 16. Demo </li>
<li> 17. OAuth: OAuth is an open standard for authorization. OAuth is not OpenID (authentication/digital ID). Valet Key, Access Token, Scopes </li>
<li> 18. What's your P@ssword! Last time you changed your password? Benefits of the valet? </li>
<li> 19. Authentication vs Authorization. Authentication is the verification of the credentials of the connection attempt: Who is the user? Is the user really who he/she represents himself to be? Authorization is the verification that the connection attempt is allowed: Is user X authorized to access resource R? Is user X authorized to perform operation P? Is user X authorized to perform operation P on resource R? </li>
<li> 20. SharePoint 2010 Authentication. Authentication - Windows (NT, Kerberos, Anonymous, Basic, Digest) - Forms (LDAP, SQL, Custom) - SAML (ADFS, Custom, LDAP). Development - Farm (full trust) - Sandbox (some trust) - REST/API (no trust except where given, COM) </li>
<li> 21. SP 2013 Auth: Claims, Claims, Claims. Classic is no more, or on its way out. Distributed Cache. Server to Server: Exchange, Lync. App Authentication (App Model / App Catalog / CSOM). Create apps that use OAuth or another identity provider. App Permission Policies (User/App, App Only, User Only) </li>
<li> 22. OAuth Terms. Client app - Remote app that needs site perms. Content owner - User who grants perms to content. Content Server - Web server where the content is. Auth Server - Trusted server that authenticates apps and creates OAuth tokens </li>
<li> 23. The Dance: how this works for Apps </li>
<li> 24. Low Trust Apps in SharePoint 2013 </li>
<li> 25. BCS Hybrid and OAuth: The Dance (Example) </li>
<li> 26. Apps are people too. Apps have permissions like users. An app principal is like a user identity, a security principal. Apps are granted perms - Differ from users - All or nothing / No hierarchy. Apps have default perms - App can run app web - App can include permissions - Install grants / denies permission </li>
<li> 27. Access Tokens. Access tokens are issued by the OAuth security token service (STS). - An example of an OAuth STS is the Windows Azure Access Control Service (ACS) OAuth endpoints. - In contrast, the WS-Federation STS and the Security Assertion Markup Language (SAML) passive sign-in STS are primarily intended to issue sign-in tokens. What's a token? </li>
<li> 28. Identity </li>
<li> 29. When is using OAuth required? To authorize requests by an app for SharePoint to access SharePoint resources on behalf of a user. To authenticate apps in the Office Store, an app catalog, or a developer tenant. </li>
<li> 30. Plan for App Authentication. App authentication is the validation of an external app for SharePoint's identity and the authorization of both the app and an associated user when the app requests access to a secured SharePoint resource. Verify that the requesting app is trusted. Verify that the type of access that the app is requesting is authorized. </li>
<li> 31. Types of Hosting options </li>
<li> 32. Types of hosting </li>
<li> 33. Trust Relationships for hosting options. Autohosted - Autohosted apps run as a web role in Windows Azure and use the Windows Azure Access Control Service (ACS) to obtain the access token. Provider-hosted - Provider-hosted apps run on their own servers on the Internet or your intranet, are registered with Windows Azure, and use ACS to obtain the access token. SharePoint-hosted - SharePoint-hosted apps run in an app web, can have client side code but not server side code. Developer must use certificates or create their own trust </li>
<li> 34. High Trust vs Low Trust. High-trust apps - High-trust apps run on stand-alone servers on your intranet and use a signing certificate to digitally sign the access tokens that the app generates. Typically server to server. Low-trust apps - Low-trust apps can run anywhere and use an OAuth code flow to delegate limited rights to apps to act as users. SharePoint and the client application must trust and communicate with an authentication provider such as Azure Active Directory. </li>
<li> 35. Demo: Setting up a provider hosted app to run in Azure </li>
<li> 36. References: MSDN, Technet, Microsoft, Wikipedia. Robert G Carter, Duke University OIT. Connecting a PaaS Application to an IaaS application with a Virtual Network. Yung Chou, MS Tech Evangelist. Introduction to Windows Azure Virtual Machines. Keith Mayer, MS Developer Evangelist. Creating a SharePoint Server 2013 Environment for Development and Testing. Critical Path. SharePoint 2013 Developer Ramp Up. Plural Sight, Andrew Connell </li>
<li> 37. Yes You Can: Premium Subscriber, Free Account in Azure </li>
<li> 38. Do it. Client - PowerShell Azure cmdlets: Import azure module, Get/set azure publishing settings - Visual Studio 2012: Azure toolkit, Office Developer Tools. Azure: Affinity Group, Storage, DNS, Network, Active Directory </li>
<li> 39. SharePoint Demo </li>
</ul>
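Slides 21, 30 and 34 describe the two checks SharePoint performs on an app request (is the requesting app trusted, is the requested access authorized), the three app permission policies, and the high-trust model in which the app signs its own access token. The example below is added here and is not code from the deck or from SharePoint; it models those checks on a constructed token. The token layout, claim names, the HMAC key standing in for the high-trust signing certificate, the audience string and the permission table are all assumptions.

```python
# Added example, not from the deck: models slide 30's two checks ("is the app
# trusted?", "is the access authorized?") and slide 21's app permission policies.
# Token layout, claim names, key, audience and permission table are assumptions.
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"          # stand-in for the high-trust cert
SP_AUDIENCE = "sharepoint-host/example.local"  # assumed audience claim value
# Constructed site permissions; users and apps are checked separately (slide 30).
USER_PERMS = {"alice": {"read", "write"}, "bob": {"read"}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(app_id, user=None, scopes=(), ttl=600):
    """What a high-trust app does (slide 34): build and sign its own token.
    user=None models an app-only token, which carries no user identity."""
    now = int(time.time())
    claims = {"aud": SP_AUDIENCE, "app": app_id, "user": user,
              "scp": list(scopes), "nbf": now - 5, "exp": now + ttl}
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url(sig)

def verify_trusted(token):
    """Check 1: is the requesting app trusted? Signature first, then the
    validity window and the audience; returns the claims or None."""
    body, _, sig = token.partition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_dec(sig)):
        return None                      # not signed by the trusted key
    claims = json.loads(b64url_dec(body))
    now = time.time()
    if not (claims["nbf"] <= now < claims["exp"]) or claims["aud"] != SP_AUDIENCE:
        return None                      # expired, not yet valid, or wrong target
    return claims

def authorize(token, needed, policy):
    """Check 2: is the access authorized under the policy? User/App needs both
    the app's scopes and the user's rights; App Only counts only the app's
    scopes (no user in the token); User Only counts only the user's rights."""
    claims = verify_trusted(token)
    if claims is None:
        return False
    app_ok = needed in claims["scp"]
    user_ok = needed in USER_PERMS.get(claims["user"] or "", set())
    return {"User/App": app_ok and user_ok,
            "App Only": app_ok and claims["user"] is None,
            "User Only": user_ok}.get(policy, False)
```

The "all or nothing" point from slide 26 shows in the User/App branch: an app acting for alice still cannot write unless the app itself was granted write.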
