3. Agenda
• Introduction to SharePoint 2013 apps
• Deployment options and design patterns
• Technologies used in app development
• Building a SharePoint-hosted app
5. Introducing apps
In SharePoint 2013 everything is an app …
In strict sense: “Apps are self-contained pieces of functionality
that extend the capabilities of a SharePoint site.”
6. App isolation: App web vs Host web
• Apps live in their own isolated environment called the “app
web”.
• The site in which they function is called the “host web”
APP1UID GUIDAPP1
10. Getting started with development
• Local development
• Has to be on Windows Server 2008 R2 (or later)
• Memory reqs have gone up – 12 GB RAM seems workable ... But
TechNet recommends 24 GB
• Extra configuration needed for app development
• Visual Studio 2012
• Remote development
• Sign up for Office 365 Developer Site
• Possible to use NAPA – app for building apps
11. SharePoint App UX
• Immersive App - app is shown full screen with
in a separate page
• Part - App is shown as a part on the
SharePoint page – similar experience to web
part
• UI Custom Actions – possible to make the App
available through ribbon or menu actions for
documents and items
See Apps for SharePoint UX design guidelines
15. Apps – three possible approaches
Developer-Hosted App
Cloud-based “Bring your own server hosting SharePoint Your Hosted
Apps infrastructure” Web Site
Developers will need to isolate
Get remote tenants
events from
SharePoint Azure Auto-
Use CSOM/REST Provisioned App SharePoint Azure
+ Windows Azure + SQL Azure
OAuth to work provisioned invisibly as apps Web
with SPS are installed
SharePoint-hosted App
Parent
Provision an isolated sub web
on a parent web Web
• Reuse web elements App Web
(lists, files, out-of-box web
parts)
• No server code allowed;
use client JavaScript for
logic, UX
16. Hosting: cloud vs SharePoint
Cloud Hosted Apps SharePoint Hosted Apps
Possible hosting model for almost all types Good for smaller apps
of apps
Choose your own infrastructure & SharePoint based; no server-side code
technology
May require your own hosting Automatically hosted in SharePoint
May require your own handling of Inherent multitenancy & isolation
multitenancy & permission management
17. App identity
• Challenge with SPS2010
• Farm solutions – too much privileges - risk of
RunWithElevatedPrivileges
• Sandbox solutions – no RunWithElevatedPrivileges – always under
user context
• In SharePoint 2013 apps have their own identity and
specific permissions
• Installing user either grants or denies permissions to host web
• Permission is explicitly given for a specific scope
• App identity is passed around using oAuth tokens
18. App scopes
• SPSite – site collection
• SPWeb – site
• SPList
• Tenancy
• Other scopes (and rights) for performing search queries,
accessing taxonomy data, user profiles, etc...
19. App rights
• Default rights : Read, Write, Manage and Full Control
• Not possible to customize
• Apps are granted permissions to a scope and all children of
the scope
• Defined in declarative XML
20. Azure Access Control Service (ACS)
• ACS required with oAuth implementation in SharePoint
2013
• How is the ACS server configured as the authentication
server?
• Automatically done for sites in Office 365 Preview
• On-premise farms, a trust to ACS must be configured. Possible to
avoid when using Server-to-server (S2S) trust
23. SharePoint 2013 CSOM and REST API
• Apps connect to SharePoint using
• SharePoint 2013 Client Side Object Model (CSOM)
• SharePoint 2013 REST API
• Javascript cross-domain library (SP.RequestExecutor.js)
• Main investments in 2013
• Client.svc is extended with REST capabilities
• Easier for javascript and non .NET code
• Implemented in accordance with oData protocol
• Programming style is largely unchanged
• New APIs for SharePoint Server functionality
• User Profiles, Search, Taxonomy, Feeds, ....
24. REST URLs in SharePoint 2013
• CSOM URLs can go through _api folder
• Replace
http://sharepoint/_vti_bin/client.svc/web
• With
http://sharepoint/_api/web
• Example REST URLs targeting SharePoint sites
• _api/web/lists
• _api/web/lists/List1
• _api/web/?$select=title,id
• /_api/web/lists/getByTitle('Consultants')/Items
• ....
25. ATOM XML vs JSON
• Response data format selected with ACCEPT header
• XML can be easier to deal with from managed code
• JSON easier to deal with using Javascript
• To get JSON response use “application/json”
http://sharepoint/_vti_bin/client.svc/web
28. SharePoint Hosted App
• App components are SharePoint components
• SharePoint list, site columns, content types
• CSOM and REST API
• Client web part
• Key Developer skills
• HTML5, CSS, Javascript
• Jquery, ASP.NET AJAX
• CSOM and REST API
• Silverlight
29. SharePoint Hosted App
• Installation of App creates child site in target site
• App can add declarative items to App Web
• App Web <-> Host Web communication: CSOM/REST or
Javascript cross-domain library
• Full client-side extension – no server-side code
• Custom Actions
• Client-side web parts
• Lists
• Site Pages
• CSS files
• Javascript files
32. Summary
Call to action:
• Sign up for Office 365 Developer Preview
• Watch developer videos around building SharePoint
2013 apps
• Register on www.biwug.be as a member to stay up
to date for local SharePoint 2013 sessions
• For more information or questions
• SharePoint 2013 Preview start page
• SharePoint 2013 Preview Developer documentation
• Developing Apps for SharePoint 2013 MSDN forum
• SharePoint 2013 Delicious links
• Yammer – https://www.yammer.com/spyam
Editor's Notes
APP1UID : unique ID given to each app installation in tenancy – makes each app domain uniqueGUIDAPP1: Name of the SPWeb under which the app is installed – allows devs to plugin
An app uses permission requests to specify the permissions that it needsThe requests specify both the rights and scope which are neededScopes indicate where in the SharePoint hierarchy a permission request applies. SharePoint supports four different content scopes:SPSite—site collectionSPWeb—websiteSPList—listTenancy—the tenancy scope is at http://<sharepointserver>/<content>/<tenant>/There are also scopes for things like performing search queries, accessing taxonomy data, user profiles, etc.
Permission rights indicate what an app is permitted to do within a scope. SharePoint supports four rights levels for content (there are others for things like search, term store, etc.):Read-OnlyWriteManageFull ControlUnlike SharePoint user roles, these rights levels are not customizableIf an app is granted permission to a scope, the permission applies to all children of the scopeIf an app is granted perms to an SPWeb, the app is also granted perms to each SPList in the SPWeb, and all SPListItems in each list, but NOT each subweb
Permission rights indicate what an app is permitted to do within a scope. SharePoint supports four rights levels for content (there are others for things like search, term store, etc.):Read-OnlyWriteManageFull ControlUnlike SharePoint user roles, these rights levels are not customizableIf an app is granted permission to a scope, the permission applies to all children of the scopeIf an app is granted perms to an SPWeb, the app is also granted perms to each SPList in the SPWeb, and all SPListItems in each list, but NOT each subweb