Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC 2014

Because the new SharePoint App model runs outside the SharePoint worker process, it introduces new authentication models. As a developer you don't want to build multiple versions of the same app, implementing each authentication model separately. This session explains the differences between securing SharePoint apps with OAuth in Office 365 and with S2S High Trust in on-premise deployments. You will learn how to build a single app that runs in on-premise, online and hybrid SharePoint environments.

The session provides in-depth insight into the authentication models for SharePoint Apps. After attending, a developer can decide whether to implement a SharePoint App as on-premise only, cloud only, or as a "Hybrid" app that runs both on-premise and in the cloud.

Published in: Software, Technology

Transcript of "Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC 2014"

  1. Developing hybrid SharePoint apps that run on-premise and in the cloud
     Bram de Jager
     Macaw, The Netherlands
     Microsoft Certified Solutions Master: SharePoint
  2. Agenda
     • Why do we need a new authentication model?
     • Where does the new App model fit in?
     • Inside OAuth
     • Hybrid Apps
     • Wrap-up
  3. ANOTHER AUTHENTICATION MODEL?!
     Why do we need a new authentication model?
  4. WHERE DOES THE (NEW) APP MODEL FIT IN?
     Developing hybrid SharePoint apps that run on-premise and in the cloud
  5. Customization Options
     Sandbox
     • Hosted in isolated process
     • Limited server side SharePoint API access
     • No external service calls
     Full Trust (a.k.a. Farm)
     • Server side SharePoint API access (SSOM)
     • Customizations to file system or servers
     • Hosted in same process as SharePoint
     • Classic model since 2007
     SharePoint Apps
     • New Apps model
     • Deployed from corporate catalog or Office Store
     • Runs outside of SharePoint process
     • Can be deployed on Azure, IIS, Apache,…
     • Simple install and upgrade process
     Code sandboxed solutions are deprecated in SharePoint 2013
  6. Cloud, On-Premise, and Hybrid
     • Cloud
       – Azure AD (WAAD) in O365
       – Apps use OAuth
     • On-Premises
       – Apps use cert-based trust
       – On-prem to on-prem
     • Hybrid
       – Combination of Azure AD and on-prem SharePoint
     (Diagram labels: Azure AD, Office 365, App, App, SharePoint)
  7. Bram de Jager
     SharePoint-hosted apps on-premise and online
  8. Scenario
     • Build simple SharePoint-hosted app (list count)
     • Deploy to on-premise App Catalog
     • Deploy to online App Catalog
     • Show lists in SharePoint Client Browser
  9. Limitations SharePoint-hosted
     • No custom server-side code (only HTML & JavaScript)
       – Only supports current user in a page
       – Can’t use elevated privileges
     • No off-box logic
       – Based on event in SharePoint
       – No timer jobs available
  10. INSIDE OAUTH
      Developing hybrid SharePoint apps that run on-premise and in the cloud
  11. Access token and issuer
  12. OAuth-authenticated request

      POST http://teams.contoso.com/sites/dev/_api/client.svc/ProcessQuery HTTP/1.1
      Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOi...
      Content-Type: text/xml
      Host: teams.contoso.com
      Content-Length: 615
      Expect: 100-continue
      Accept-Encoding: gzip, deflate

      <Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="15.0.0.0" ApplicationName=".NET Library" xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009"><Actions><ObjectPath Id="41" ObjectPathId="40" /><ObjectPath Id="43" ObjectPathId="42" /><Query Id="44" ObjectPathId="42"><Query SelectAllProperties="false"><Properties><Property Name="Title" ScalarProperty="true" /></Properties>…
  13. Decoded access token

      {
        "typ": "JWT",
        "alg": "RS256",
        "x5t": "34-64-C5-BD-D2-BE-7F-2B-61-12-E2-F0-8E-9C-00-24-E3-3D-9F-E0"
      }
      {
        "aud": "00000003-0000-0ff1-ce00-000000000000/teams.contoso.com@3c2483eb-b061-4985-9bac-da7989c7f820",
        "iss": "de89e8c4-9f67-48b7-bf42-368af4db1369@3c2483eb-b061-4985-9bac-da7989c7f820",
        "nbf": "1372429268",   (Friday June 28 2013 23:44:38)
        "exp": "1372429868",   (Friday June 28 2013 23:56:28)
        "nameid": "s-1-5-21-785527463-2883119929-1484527358-500",
        "nii": "urn:office:idp:activedirectory",
        "actortoken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjNUYnY3cThmZzhGVWg5YkdyZnVtS3FUR1VZSSJ9.eyJhdWQiOiIwMDAwMDAwMy0
          wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvdm0tc3AtMDFAM2MyNDgzZWItYjA2MS00OTg1LTliYWMtZGE3OTg5YzdmO
          DIwIiwiaXNzIjoiYTU4ZTIzNDctMGVhZC00YmEwLWI0YjctNzUxMjBhYTA5ZTRlQDNjMjQ4M2ViLWIwNjEtNDk4NS05YmFjLWRhNzk4OW
          M3ZjgyMCIsIm5iZiI6IjEzNzI0MjkyNjgiLCJleHAiOiIxNDMyNDI5MjY4IiwibmFtZWlkIjoiZGU4OWU4YzQtOWY2Ny00OGI3LWJmNDItMzY4
          YWY0ZGIxMzY5QDNjMjQ4M2ViLWIwNj…"
      }
  14. Online authentication
  15. On-premise authentication
  16. Bram de Jager
      Building a High-Trust (S2S) app on-premise
  17. Scenario
      • Set up the server-to-server (S2S) trust
      • Build a High-Trust app
      • Show the “on behalf of”
  18. HYBRID APPS
      Developing hybrid SharePoint apps that run on-premise and in the cloud
  19. Hybrid app
  20. Office Developer Tools support
      • In Visual Studio 2012 the app checks availability of the ContextToken (present or not)
        – TokenHelper class, app helper class
      • Visual Studio 2013 with the new release of Office Developer Tools introduces a new class
        – SharePointContext class, takes care of switching between ACS or S2S trust
  21. Bram de Jager
      Building a Hybrid app
  22. Scenario
      • Set up trust between on-premise SharePoint Farm and Azure Control Services (ACS)
      • Build Hybrid SharePoint app that runs in
        – SharePoint on-premise
        – SharePoint Online
  23. WRAP UP
      Developing hybrid SharePoint apps that run on-premise and in the cloud
  24. Summary
      • The new App model is designed for both cloud and on-premise
      • Use the high-trust (S2S) authentication model for on-premise scenarios
      • In a hybrid environment connect on-premise SharePoint farms to Apps in the cloud
      • Build a single codebase hybrid App that works both on-premise and in the cloud
  25. Key takeaways
      • Understanding authentication flow is a must for every developer
      • Don’t use Visual Studio 2012 any more
      • Use Visual Studio 2013, make life a lot easier!
  26. Resources
      • Decode JWT, http://openidtest.uninett.no/jwt
      • How to: Use an Office 365 SharePoint site to authorize provider-hosted apps on an on-premises SharePoint site, http://msdn.microsoft.com/en-us/library/office/dn155905(v=office.15).aspx
        – Microsoft Online Services Sign-In Assistant for IT Professionals RTW (64-bit), http://www.microsoft.com/en-us/download/details.aspx?id=41950
        – Microsoft Online Services Module for Windows PowerShell (64-bit), http://go.microsoft.com/fwlink/p/?linkid=236297
  27. Thank you
      • http://bramdejager.wordpress.com
      • @bramdejager
      • bram.de.jager@macaw.nl
      • http://spcb.codeplex.com
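
The claims shown on slides 12 and 13 can be checked mechanically when troubleshooting a trust. The following Python example is added here and is not code from the presentation: it decodes a token without verifying any signature and reports audience, realm, lifetime and actor-token problems. The function names and the sample token are constructed for illustration, and the rule that an unsigned (`alg: none`) outer token, like the header segment on slide 12, must carry a signed `actortoken` is an assumption based on the high-trust (S2S) token format.

```python
import base64
import json

SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"  # from the slide-13 "aud"

def encode_segment(obj):
    """Encode a dict as an unpadded base64url JWT segment (used for the sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_segment(segment):
    """Decode one base64url segment, restoring the padding that JWTs strip."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def decode_unverified(token):
    """Return (header, claims) of a compact JWT. No signature is checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return decode_segment(parts[0]), decode_segment(parts[1])

def inspect_access_token(token, expected_host, now):
    """List what looks wrong in a SharePoint app access token at time `now`."""
    header, claims = decode_unverified(token)
    findings = []
    target, _, realm = claims.get("aud", "").partition("@")
    principal, _, host = target.partition("/")
    if principal != SHAREPOINT_PRINCIPAL:
        findings.append("aud principal is not SharePoint")
    if host.lower() != expected_host.lower():
        findings.append("aud host mismatch")
    if claims.get("iss", "").partition("@")[2] != realm:
        findings.append("iss realm differs from aud realm")
    if not int(claims.get("nbf", 0)) <= now < int(claims.get("exp", 0)):
        findings.append("outside nbf/exp window")
    if header.get("alg", "none").lower() == "none":
        # Assumption: an unsigned outer token needs a signed actor token inside.
        actor = claims.get("actortoken")
        if not actor or decode_unverified(actor)[0].get("alg", "none").lower() == "none":
            findings.append("unsigned token without signed actortoken")
    return findings

# Constructed sample: slide-13 claim values, placeholder actor token and signature.
REALM = "3c2483eb-b061-4985-9bac-da7989c7f820"
ACTOR = encode_segment({"typ": "JWT", "alg": "RS256"}) + "." + encode_segment({"iss": "app@" + REALM}) + ".c2ln"
CLAIMS = {"aud": SHAREPOINT_PRINCIPAL + "/teams.contoso.com@" + REALM,
          "iss": "de89e8c4-9f67-48b7-bf42-368af4db1369@" + REALM,
          "nbf": "1372429268", "exp": "1372429868", "actortoken": ACTOR}
SAMPLE = encode_segment({"typ": "JWT", "alg": "none"}) + "." + encode_segment(CLAIMS) + "."
```

Calling `inspect_access_token(SAMPLE, "teams.contoso.com", 1372429300)` returns an empty list; an empty list means only that the claims are consistent, since signature validation remains the job of SharePoint and the trusted issuer's certificate.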
