Developing Apps for SharePoint and Office Store Kashif Imran [email protected]

Developing Apps for SharePoint Store


Page 1: Developing Apps for SharePoint Store

Developing Apps for SharePoint and Office Store

Kashif Imran

[email protected]

Page 2: Developing Apps for SharePoint Store

Agenda

• SharePoint Solutions

• SharePoint Apps

• Developer Environment and Server Infrastructure

• Types of SharePoint Apps

• SharePoint App Shapes/User Experience

• Packaging and Publishing Apps

• Security in SharePoint Apps

• Questions

Page 3: Developing Apps for SharePoint Store

SharePoint Solutions

• Farm Solutions
  • Runs within the SharePoint worker process (w3wp.exe)
  • Access to Server Object Model
  • By default runs with current user’s permission
  • Developer can use SPSecurity.RunWithElevatedPrivileges that reverts code to Windows identity of host application pool
  • Farm stability issues
  • Installation and upgrade (iisreset)
  • Upgrade farm to newer version of SharePoint

• Sandboxed Solutions
  • SPUCWorkerProcess.exe
  • Access to Server Object Model
  • Feature activation has full access to content (runs as site administrator)
  • Always runs as current user, cannot use SPSecurity.RunWithElevatedPrivileges
  • Deprecated in SharePoint 2013 in favor of developing apps for SharePoint

Page 4: Developing Apps for SharePoint Store

SharePoint App

• A web application that is registered with SharePoint using an app manifest.

• Customize and extend SharePoint without full-trust access

• Get its own security principal

• Interacts with SharePoint using Client Object Model/REST

• Distributed as app package (.app) to the public marketplace or corporate app catalog

• Installed at site or tenant scope

• Any Programming language/technology that can communicate with SharePoint via REST and OAuth

Page 5: Developing Apps for SharePoint Store

SharePoint APIs

• Server Object Model

• Client Object Model
  • .NET Client OM
  • Silverlight (and Mobile) Client OM
  • JavaScript Client OM

• REST/OData Endpoints

• ASP.NET (asmx) web services
  • Only supported for backward compatibility

• Direct Remote Procedure Call (RPC) calls to owssvr.dll
  • Only supported for backward compatibility

Page 6: Developing Apps for SharePoint Store

SSOM vs CSOM

Page 7: Developing Apps for SharePoint Store

Developer Environment

• SharePoint 2013 Developer Site (Office 365 or On-premises)

• Visual Studio 2012

• Developer Tools for Visual Studio 2012

• SharePoint client components

• Windows Identity Foundation SDK

• Workflow Tools SDK and Workflow Client SDK

• Visual Studio 2012 and Office Developer Tools on SharePoint 2013 Environment

Page 8: Developing Apps for SharePoint Store

SharePoint Infrastructure for Apps

• Apps always installed and run within the context of a tenancy
  • SharePoint tenancy: Set of site collections that are configured and managed as a single unit.
  • Farm-wide tenancy (default tenancy) for on-premises farms

• Service Applications
  • App Management Service
    • Security principals, permissions and licensing and other app configuration details
    • Provisioned using CA or PowerShell
  • Subscription Settings Service
    • Tenant configuration
    • Provisioned using PowerShell
    • Creates a default tenant

• Office 365 has both of these already configured for tenant

Page 9: Developing Apps for SharePoint Store

Types of SharePoint Apps

• SharePoint-hosted
  • App resources stored in child site known as app web
  • App can only have client-side code

• Cloud-Hosted
  • App resources deployed on remote server known as remote web
  • App can have both client-side and server-side code
  • 2 Types of Cloud-Hosted Apps
    • Autohosted (Hosted in Azure)
    • Provider-hosted (Deployed by provider)

Page 10: Developing Apps for SharePoint Store

SharePoint-hosted App

• During installation app web is created as child to site where app is installed

• App start page is hosted in SharePoint

• App web contains CSS, JavaScript and other resources (SharePoint Lists and Libraries etc.)

• Can contain Server Controls (XsltListViewWebPart) and Client-side code served out of isolated domain

Page 11: Developing Apps for SharePoint Store

Demo: SharePoint-hosted App

Page 12: Developing Apps for SharePoint Store

App Manifest

• Metadata for app

• AppManifest.xml

• Start Page Element
  • SharePoint-hosted
    • For SharePoint-hosted must use ~appWebUrl
    • ~appWebUrl/Pages/Default.aspx
    • App’s start page is not known until the app has been installed
  • Autohosted
    • ~remoteAppUrl stays in the app manifest and is replaced by Office 365
  • Provider-hosted
    • ~remoteAppUrl must be replaced with absolute URL when app is published
    • During debugging VS replaces ~remoteAppUrl with URL of remote web

• {StandardTokens} => replaced by SharePoint environment SPHostUrl, SPLanguage

Page 13: Developing Apps for SharePoint Store

App Web

• App by default has full permissions to read/write content to app web

• No default permissions on any location in the SharePoint host environment

• App.master provides UI to go back to host web

• Isolated in its own private domain
  • https://{TenancyName}-{14 char App UID}.sharepoint.com/sites/{ParentSiteName}/{AppName}/
  • http://apps-{UniqueID}.sp2013apps.local/sites/{ParentSiteName}/{AppName}/

• Why Private Domain?
  • XSS: JavaScript code cannot call back to host web
  • JavaScript does not run with the same established user identity as host web
  • SharePoint environment sees JavaScript callbacks from app web with unique URLs and can authenticate apps

• {StandardTokens}: {HostUrl}, {AppWebUrl}, {Language}

• Use Internal Authentication: App is not required to create/manage security tokens

Page 14: Developing Apps for SharePoint Store

Autohosted App

• Provisions database and websites on demand

• Has associated remote web, can optionally have app web

• Office 365 deploys remote web in Azure during app installation

• Can store app specific data in its own database using SQL Azure

• Only supported in Office 365

• Each tenant receives its own instance of app and database

Page 15: Developing Apps for SharePoint Store

Demo: Autohosted App

Page 16: Developing Apps for SharePoint Store

Provider-hosted App

• Associated remote web deployed and maintained by developer

• Remote web is deployed prior to app installation

• Often store app specific data in its own database

• Multitenancy issues: data isolation, privacy/regulations

Page 17: Developing Apps for SharePoint Store

Demo: Provider-Hosted App

Page 18: Developing Apps for SharePoint Store

SharePoint Apps User Experience Options

• Immersive Full-page

• App Parts/Client Parts

• UI command extension/Custom Actions

Page 19: Developing Apps for SharePoint Store

App Parts

• IFrame on steroids

• UI element surfaced on pages in the host web via an IFrame

• Experience similar to web parts

• Client Web Part (implementation of App Part), template in Visual Studio

• Cannot have any server-side code that runs in the SharePoint host environment

• Supported for SharePoint-hosted, Autohosted and Provider-hosted

• Iframe + Start Page Tokens + Custom Properties, Contextual security information to call back into SharePoint host environment via app identity

Page 20: Developing Apps for SharePoint Store

Demo: App Parts

Page 21: Developing Apps for SharePoint Store

UI Custom Actions

• Add commands to host site

• Button on ribbon

• Menu command in ECB

• Other UI custom actions available in farm solutions are not available in the app model

• Supported in all three hosting models

• Contextual information about item or document via query string

• UrlAction: ~appWebUrl, ~remoteAppUrl, {StandardTokens}, {ItemURL}, {HostUrl}, {SiteUrl}, {ListId}, {SelectedListId}, {SelectedItemId}

• HostWebDialog=True

Page 22: Developing Apps for SharePoint Store

Demo: UI Custom Actions

Page 23: Developing Apps for SharePoint Store

Packaging Apps

• App Package: distributable zip file with extension .app

• AppManifest.xml

• AppIcon.png, AppIcon.png.config.xml (assigns icon a GUID)

• Resource files, CSS, JavaScript

• wsp package for SharePoint specific artifacts (lists and pages) embedded with the app package

• If app package contains inner solution package, SharePoint creates app web otherwise installs app without app web

• App web solution package contains a single web-scoped feature (host web feature) that gets activated by default and deploys declared elements (pages, lists)

• App web solution package cannot have .NET assemblies with server-side code

• SharePoint-hosted app will create an app web because start page must be added to the app web

• Cloud-hosted apps can decide if they need app web or not

• App part and UI Custom action features are added at top level in app package and not inside the wsp solution package

Page 24: Developing Apps for SharePoint Store

Packaging Autohosted Apps

• Web deploy package used for Azure deployment is embedded in app package

• *Web.zip => MyAppWeb.zip

• Optional Data Tier Application Package for SQL Azure .dacpac

• Add new SQL Database project and change target platform to SQL Azure => It will cause project output to be .dacpac

• Use SQL Package property in app project to point to .dacpac file

Page 25: Developing Apps for SharePoint Store

Publishing Apps

• Publish to Office Store
  • Dashboard seller account (https://sellerdashboard.microsoft.com)
  • Licensing and ecommerce are taken care of by Microsoft
  • SharePoint apps, Apps for Office, Windows Azure Catalog Apps
  • Upload app package and fill in associated details
  • Approval process

• Publish to app catalog
  • Give Read access to users so they can discover and install apps
  • Or install app at tenant scope
  • Apps for SharePoint and Apps for Office document libraries
  • Management of app requests from users

Page 26: Developing Apps for SharePoint Store

Demo: App Catalog and Seller Dashboard

Page 27: Developing Apps for SharePoint Store

App Lifecycle Events

• Installed, updated, uninstalled etc.

• Because of server-side entry point, app events are only supported in cloud hosted apps

• Handle App Installed, Handle App Uninstalling, Handle App Upgrade

Page 28: Developing Apps for SharePoint Store

App Authentication in SharePoint 2013

• Apps are first-class security principals and are granted permissions separate from user permissions
  • Granted as all or none, with no hierarchy of permissions

• Security Principal: An entity understood by a security system (User, SharePoint App)

• App authentication is only supported in CSOM and REST API endpoints

• App authentication is NOT supported in custom web service entry points

• Apps have full rights against app web, can request permissions for other webs

• Full Control permission cannot be used for Office Store apps

• AllowAppOnlyPolicy=True in AppManifest to have app-only permissions

• Project Server permissions available if PWA is installed
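A pre-publication review of the permission rules above can be automated. The following is an added example, not code from the slides or from SharePoint: it opens a .app package, reads AppManifest.xml and reports the permission requests a reviewer should question. The manifest namespace, the element and attribute names and the `Right` values follow the SharePoint 2013 app manifest schema and are assumptions here; the sample manifest is constructed and assumes a provider-hosted app.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# App manifest schema namespace (an assumption here; the slides do not show it).
NS = {"m": "http://schemas.microsoft.com/sharepoint/2012/app/manifest"}

# Constructed sample manifest for a provider-hosted app, not taken from the deck.
SAMPLE_MANIFEST = """<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SampleApp" Version="1.0.0.0">
  <Properties>
    <Title>Sample App</Title>
    <StartPage>~remoteAppUrl/Pages/Default.aspx?{StandardTokens}</StartPage>
  </Properties>
  <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
  </AppPermissionRequests>
</App>"""

def build_sample_package():
    """Zip the constructed manifest the way a .app package carries AppManifest.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("AppManifest.xml", SAMPLE_MANIFEST)
    return buf.getvalue()

def audit_app_package(package_bytes):
    """Return review findings for the AppManifest.xml inside a .app package."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        root = ET.fromstring(pkg.read("AppManifest.xml"))
    findings = []
    requests = root.find("m:AppPermissionRequests", NS)
    if requests is not None:
        # App-only policy lets the app call SharePoint with its own identity alone.
        if requests.get("AllowAppOnlyPolicy", "false").lower() == "true":
            findings.append("app-only policy requested")
        for req in requests.findall("m:AppPermissionRequest", NS):
            scope, right = req.get("Scope"), req.get("Right")
            if right == "FullControl":
                findings.append(f"FullControl on {scope}: not usable in Office Store apps")
            elif right in ("Write", "Manage"):
                findings.append(f"{right} on {scope}: confirm Read is not enough")
    # A published provider-hosted app needs an absolute start page URL.
    start = root.findtext("m:Properties/m:StartPage", default="", namespaces=NS)
    if start.startswith("~remoteAppUrl"):
        findings.append("StartPage still contains ~remoteAppUrl")
    return findings
```

Calling `audit_app_package(build_sample_package())` returns three findings for the constructed manifest; the `Read` request on the list scope is not flagged.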

Page 29: Developing Apps for SharePoint Store

Types of App Authentication in SharePoint

• 3 basic types of app authentication

• Internal authentication

• External authentication using OAuth

• External authentication using S2S

Page 30: Developing Apps for SharePoint Store

Internal Authentication

• Used in Client-side calls from pages in app web or remote web which use cross domain library

• Incoming calls require a SAML token holding an established user identity

• Call targets unique domain of app web associated with an app

• SharePoint maps target URL to instance of an app

• App code is not required to create and manage security tokens

Page 31: Developing Apps for SharePoint Store

External Authentication

• Calls to SP from server-side code running in remote web

• Used for both OAuth and S2S

• Incoming calls require access token with app identity

• Access token can optionally carry user identity as well

• Call can target any CSOM or REST endpoint in any site

• App code is required to create and manage security tokens

Page 32: Developing Apps for SharePoint Store

OAuth

• OAuth.net

• Internet protocol/spec for creating/mapping app identity

• A cross platform, open protocol for authenticating apps

• Internet standard used by Google, Facebook, Twitter

• Authorize requests by an app for SharePoint to access SharePoint resources on behalf of a user

• SP2013 uses OAuth 2.0 (very different from OAuth 1.0)
  • OAuth specs provide details on how to create access tokens
  • Used for external auth in Office 365
  • Delegated authorization codes or access tokens are issued by OAuth STS (Windows Azure Control Services)
  • Remote web must communicate with ACS to obtain access tokens
  • Access tokens are passed to SharePoint host in CSOM or REST API calls

• WS-Federation STS and SAML passive sign-in STS are primarily intended to issue sign-in tokens

• In SP2013, OAuth STS is used only for issuing context tokens and is not used as an identity provider

Page 33: Developing Apps for SharePoint Store

OAuth Concepts

• Content Owner(s)
  • SharePoint user(s) who can grant permissions to site content

• Content Server
  • SharePoint web server that hosts site with the content that is to be accessed

• Client App/ClientID/AppID
  • Remote web that needs permissions to access site content

• Authentication Server
  • Trusted service that provides apps with access tokens allowing access to content
  • Windows Azure ACS in SP2013 apps case

Page 34: Developing Apps for SharePoint Store

OAuth Workflow in Office 365

Page 35: Developing Apps for SharePoint Store

Security Tokens used in OAuth

• Context Token
  • Contextual information passed to app
  • JWT
  • Valid for 12 hours
  • Cache key: identify unique user (user, app, tenant)

• Refresh Token
  • Used by client app to acquire an access token
  • Valid for 6 months

• Access Token
  • Token passed to SharePoint by app when using external authentication
  • Valid for 12 hours
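Because the remote web is required to manage these tokens itself, it has to verify a context token before trusting anything in it. The following is an added example, not code from the slides or from SharePoint's own helpers. It assumes the context token is an HS256-signed JWT keyed with the app's client secret and uses the claim names `aud`, `nbf`, `exp` and `appctx`/`CacheKey` from Microsoft's documented context-token layout; the function names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(client_id, key, issued_at):
    """Build a constructed context token (12-hour lifetime) for the demo only."""
    head = _b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    claims = {"aud": f"{client_id}/app.example.com@constructed-realm",
              "nbf": issued_at, "exp": issued_at + 12 * 3600,
              "appctx": json.dumps({"CacheKey": "constructed-cache-key"})}
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def validate_context_token(token, client_id, key, now=None):
    """Return (claims, cache_key) or raise ValueError if the token is not trustworthy."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64url_decode(head))
        claims = json.loads(_b64url_decode(body))
        signature = _b64url_decode(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; reject "none" and others
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise ValueError("signature does not match the client secret")
    if not str(claims.get("aud", "")).startswith(client_id + "/"):
        raise ValueError("token was issued for a different app")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("token is expired or not yet valid")
    try:
        cache_key = json.loads(claims["appctx"])["CacheKey"]
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("token carries no cache key") from exc
    return claims, cache_key
```

The returned cache key is the value to index any per-user token cache on, so tokens cached for one (user, app, tenant) combination are never served to another.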

Page 36: Developing Apps for SharePoint Store

Context Token

Page 37: Developing Apps for SharePoint Store

Access Token

Page 38: Developing Apps for SharePoint Store

Managing App Principals in O365

• /_layouts/15/…

• AppRegNew.aspx

• AppInv.aspx

• AppPrincipals.aspx

• PowerShell for SPOnline to administer SharePoint apps and app principals

Page 39: Developing Apps for SharePoint Store

Demo: Project Management App

Page 40: Developing Apps for SharePoint Store

Remove an app in Invalid State

Page 41: Developing Apps for SharePoint Store

Tallahassee Code Camp

• http://www.tallycodecamp.org/

• Saturday, November 9, 2013

• http://www.tallycodecamp.org/Content/Schedule_2012.pdf

Page 42: Developing Apps for SharePoint Store

Questions

• ???