Developing hybrid SharePoint apps that run on-premise and in the cloud
About Bram
http://bramdejager.wordpress.com
@bramdejager
bram.de.jager@macaw.nl
Agenda
Another authentication model?!
Why do we need a new authentication model?
Where does the new App model fit in?
Customization Options
Sandbox
• Hosted in isolated process
• Limited server side SharePoint API access
• No external servi...
Hybrid Scenarios
Cloud, On-Premise, and Hybrid
Azure AD
Office 365App
App SharePoint
SharePoint-hosted apps on-prem and online
Inside OAuth
Access token and issuer
OAuth-authenticated request
Decoded access token
Online authentication
On-premise authentication
Building a High-Trust (S2S) app on-premise
Hybrid Apps
Hybrid app
Building a Hybrid app
Wrap up
Summary
Contact
www.macaw.nl
Bram.de.Jager@macaw.nl
bramdejager.wordpress.com
@bramdejager
THANK YOU
Developing hybrid SharePoint apps that run on-premise and in the cloud - Bram de Jager - SPSNL 2013

Because the new SharePoint App model runs outside the SharePoint worker process, it introduces new authentication models. As a developer you don't want to build multiple versions of the same app, implementing each authentication model separately. This session explains the differences between securing SharePoint apps with OAuth in Office 365 and with S2S High Trust in on-premise deployments. You will learn how to build a single app that runs in on-premise, online and hybrid SharePoint environments.

  • The Bearer is the access token, Base64-encoded and signed. Where found: Fiddler » Inspectors (tab) » Raw
  • Signed, encoded access token based on JWT (JSON Web Token). SharePoint checks whether the access token is trusted. When it is trusted and decoded, SharePoint checks the following:
      - Iss: who signed the access token: <principal ID>(ACS or Client ID)@<realm>(Tenant ID or Farm ID)
      - Aud: who this token is intended for: <client ID>(SharePoint)/<target URL authority>(URL web app or tenant)@<target realm>(Tenant ID or Farm ID)
      - NameId: identifier of the user you are trying to identify on behalf of: SID (AD)
      - Nii: who the identifier provider for the NameId is.
      - Nbf: not before, the date the token starts being valid.
      - Exp: expires, the date the token stops being valid.
      - Actor: the actual app that is making the call.
    Calculate the date for nbf and exp (the result is in UTC): (Get-Date -Date '1970-01-01').AddSeconds(1372367140)
    ClientID:
      - ACS 00000001-0000-0000-c000-000000000000
      - Exchange 00000002-0000-0ff1-ce00-000000000000
      - SharePoint 00000003-0000-0ff1-ce00-000000000000
      - Lync 00000004-0000-0ff1-ce00-000000000000
      - Workflow 00000005-0000-0000-c000-000000000000
    Where found: Fiddler » Inspectors (tab) » Auth; copy the Bearer and decode it (Base64 encoding) via http://openidtest.uninett.no/jwt
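
The claim checks listed in the notes above, as an added Python example (not part of the original slides): it decodes a bearer token's payload for inspection only, without verifying the signature, splits iss and aud into principal, host and realm, and converts nbf/exp to UTC. The realm GUID, host name, exp value and the sample token itself are constructed placeholders.

```python
import base64
import json
from datetime import datetime, timezone

# Principal IDs as listed in the slide notes.
KNOWN_PRINCIPALS = {
    "00000001-0000-0000-c000-000000000000": "ACS",
    "00000002-0000-0ff1-ce00-000000000000": "Exchange",
    "00000003-0000-0ff1-ce00-000000000000": "SharePoint",
    "00000004-0000-0ff1-ce00-000000000000": "Lync",
    "00000005-0000-0000-c000-000000000000": "Workflow",
}

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_token(bearer, now=None):
    """Decode claims for inspection only; the signature is NOT verified here."""
    _header, payload, _signature = bearer.split(".")
    claims = json.loads(b64url_decode(payload))
    iss_principal, _, iss_realm = claims["iss"].partition("@")
    aud_left, _, aud_realm = claims["aud"].rpartition("@")
    aud_principal, _, aud_host = aud_left.partition("/")
    nbf = datetime.fromtimestamp(int(claims["nbf"]), tz=timezone.utc)
    exp = datetime.fromtimestamp(int(claims["exp"]), tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return {
        "issuer": KNOWN_PRINCIPALS.get(iss_principal, iss_principal),
        "issuer_realm": iss_realm,
        "audience": KNOWN_PRINCIPALS.get(aud_principal, aud_principal),
        "audience_host": aud_host,
        "realm_match": iss_realm == aud_realm,
        "not_before": nbf,
        "expires": exp,
        "in_validity_window": nbf <= now < exp,
    }

# Constructed sample: realm, host, exp and signature are placeholders.
REALM = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLAIMS = {
    "iss": "00000001-0000-0000-c000-000000000000@" + REALM,
    "aud": "00000003-0000-0ff1-ce00-000000000000/sharepoint.example.com@" + REALM,
    "nbf": 1372367140, "exp": 1372410340,
}
SAMPLE_TOKEN = ".".join([b64url(b'{"typ":"JWT","alg":"HS256"}'),
                         b64url(json.dumps(SAMPLE_CLAIMS).encode()), "c2ln"])
```

Call `inspect_token(SAMPLE_TOKEN)` to see the decoded fields; a token whose realms differ or whose validity window has passed shows up in `realm_match` and `in_validity_window`.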

    1. Developing hybrid SharePoint apps that run on-premise and in the cloud
    2. About Bram: http://bramdejager.wordpress.com, @bramdejager, bram.de.jager@macaw.nl
    3. Agenda
    4. Another authentication model?! Why do we need a new authentication model?
    5. Where does the new App model fit in?
    6. Customization Options
       Sandbox: Hosted in isolated process; Limited server side SharePoint API access; No external service calls; Deprecated in SharePoint 2013
       Farm: Full trust solutions; Customizations to file system of servers; Hosted in same process as SharePoint; Server side SharePoint API access; Classic model from 2007
       SharePoint Apps: New Apps model; Deployed from corporate catalog or Office Store; Runs outside of SharePoint process; Can be deployed on Azure, IIS, Apache,…; Simple install and upgrade process
    7. Hybrid Scenarios
    8. Cloud, On-Premise, and Hybrid: Azure AD Office 365App App SharePoint
    9. SharePoint-hosted apps on-prem and online
    10. Inside OAuth
    11. Access token and issuer
    12. OAuth-authenticated request
    13. Decoded access token
    14. Online authentication
    15. On-premise authentication
    16. Building a High-Trust (S2S) app on-premise
    17. Hybrid Apps
    18. Hybrid app
    19. Building a Hybrid app
    20. Wrap up
    21. Summary
    22. Contact: www.macaw.nl, Bram.de.Jager@macaw.nl, bramdejager.wordpress.com, @bramdejager
    23. THANK YOU
