Share point 2013 add-in (formerly app) development

  • Published on

  • View

  • Download

Embed Size (px)


<ol><li> 1. Add-in (formerly App) Development </li><li> 2. Add-in (App) Development App Authentication/Authorization App Authorization Policies/Permissions App Installation Scopes App Part/App Script Part Pattern JS Link Demos </li><li> 3. Why Apps ? Code Runs outside SharePoint environment i.e. in browser or non-SP Server Easier to upgrade, migrate, etc. Types based on Hosting SharePoint Hosted Provider Hosted </li><li> 4. SharePoint Hosted Apps Centered around SharePoint components like lists, libraries, pages, etc. Code in JavaScript on SharePoint page No server side code Declarative ASPX pages allowed Creates a separate site called App web, hence hosted by SharePoint server </li><li> 5. Provider Hosted Apps Centered around remote web app/data source Code in remote server side code or JavaScript Can include SharePoint components (special case) Hosted separately from SharePoint Server Can handle SharePoint list and list item events (Remote Event receivers) 3 options for coding: CSOM C# code for accessing SharePoint components JSOM library REST/OData APIs </li><li> 6. User authentication is tied to SharePoint (Claims, Forms, etc.) App Authentication: Apps are also Security Principals like users and need to be authenticated and authorized Three Authorization levels Low-trust (Uses OAuth) used with SharePoint Online High-trust Cross-domain </li><li> 7. High Trust (Provider hosted apps) Required to establish trust between Remote Web Server and SharePoint server Done through Digital certificates Security Token service (STS) service provides temporary tokens for server server authentication Remote Web Application bound to digital certificate Two types Token issuers Token per app Token for all apps (called Trust Broker) </li><li> 8. Cross Domain Library (SharePoint hosted/Provider hosted apps) All Browsers prevent cross-domain scripting Overcome by iframe that communicates with parent that uses postMessage() Restricted to HTML5 browsers that support postMessage() Used by loading SP.RequestExecutor.js </li><li> 9. User only : Authenticated User Identity used User access SP resources from UI and not from app App-Only policy : Authenticated App Identity SP resources accessed through app app should have permission to the resource the app is accessing User + App policy : Both Identities SP resources accessed through app Both app and user should have permission to the resource the app is accessing </li><li> 10. By default App has full permission to App Web Permission request needed to access host web Example configuration: </li><li> 11. App can be installed in 2 Scopes: Site Scope Host web same as site where app is installed Tenancy Scope App is installed in App Catalog site App configured so users launch it from other sites Host web is not the same as site where app is installed </li><li> 12. Special type of web part called Client Web Part Uses iframe to display contents of an app Web Part App Part Run on SharePoint Server Run on external servers or Browser Run with User Permissions or will full Permissions (elevated Privilege) Run with App Identity that is granted specific Permission. Runs in the Same Domain and environment of the page and its content. Runs on Different domain providing complete client -side isolation Could take up a significant amount of CPU cycles for complex operations Executed outside SharePoint hence SharePoint performance is not impacted </li><li> 13. 1. SharePoint on-premises (or Office365) 2. App Script part (webpart) referencing external JavaScript file and having the div for marking the location where the information is injected 3. Actual JavaScript file stored in the provider hosted app side 4. Provider hosted app platform where the JavaScript file is hosted that can be reached from the pages or by the browser when page html is processed </li><li> 14. Allows to use JavaScript to SharePoint artifacts(no XSLT) CSR (Client Side Rendering) JSLink is a property that can be used with fields, Web Parts, list forms and content types </li><li> 15. Editing expirience can be adjusted based on the requirements. Presentiation of information in lists can be modified using client side techniques. 1 2 3 4 </li><li> 16. App authorization policy types in SharePoint 2013 ( us/library/office/fp179892.aspx) Three authorization systems for apps for SharePoint 2013 ( us/library/office/dn790706.aspx) Access SharePoint 2013 data from apps using the cross-domain library ( Tenancies and deployment scopes for apps for SharePoint ( us/library/office/fp179896.aspx ) Introducing app script part pattern for Office365 app model ( office365-app-model.aspx) JSLink Client Side Rendering (CSR) Samples ( </li></ol>


View more >