The SharePoint 2013 App Model

18,176 views
17,614 views

Published on

Speaker: Dragan Panjkov;

In this session we will speak about SharePoint apps – new approach for development in new SharePoint. We will explain rationale behind Apps, basic concepts and various hosting options. We will also show you how to build your first app for SharePoint 2013.

Published in: Technology
3 Comments
11 Likes
Statistics
Notes
No Downloads
Views
Total views
18,176
On SlideShare
0
From Embeds
0
Number of Embeds
98
Actions
Shares
0
Downloads
706
Comments
3
Likes
11
Embeds 0
No embeds

No notes for slide
  • Why suddenly apps – my feeling in februaryChoice of words – angry birds – sharepoint enterprise platform?Let’s look at the reasons
  • How will the users be using the application?How will the application be deployed into production and managed?What are the quality attribute requirements for the application (security, performance, concurrency, localization, and configuration)How can the application be designed to be flexible and maintainable over time?
  • Permission rights indicate what an app is permitted to do within a scope. SharePoint supports four rights levels for content (there are others for things like search, term store, etc.):Read-OnlyWriteManageFull ControlUnlike SharePoint user roles, these rights levels are not customizableIf an app is granted permission to a scope, the permission applies to all children of the scopeIf an app is granted perms to an SPWeb, the app is also granted perms to each SPList in the SPWeb, and all SPListItems in each list, but NOT each subweb
  • An app uses permission requests to specify the permissions that it needsThe requests specify both the rights and scope which are neededScopes indicate where in the SharePoint hierarchy a permission request applies. SharePoint supports four different content scopes:SPSite—site collectionSPWeb—websiteSPList—listTenancy—the tenancy scope is at http://<sharepointserver>/<content>/<tenant>/There are also scopes for things like performing search queries, accessing taxonomy data, user profiles, etc.
  • Permission rights indicate what an app is permitted to do within a scope. SharePoint supports four rights levels for content (there are others for things like search, term store, etc.):Read-OnlyWriteManageFull ControlUnlike SharePoint user roles, these rights levels are not customizableIf an app is granted permission to a scope, the permission applies to all children of the scopeIf an app is granted perms to an SPWeb, the app is also granted perms to each SPList in the SPWeb, and all SPListItems in each list, but NOT each subweb
  • Wording hosted/provisioned
  • The SharePoint 2013 App Model

    1. 1. The SharePoint 2013 App ModelDRAGAN PANJKOV, PLANB.SHAREPOINT AND PROJECT CONFERENCE ADRIATICSZAGREB, 11/28/2012
    2. 2. sponsors
    3. 3. why appstypes, basic concepts, developmentdistribution, upgrade, on-prem config
    4. 4. why apps?
    5. 5. 4 questions for architects• How will the users be using the solution?• How will the solution be deployed into production and managed?• What are the quality attribute requirements for the solution (security, performance, concurrency, localization, and configuration)• How can the solution be designed to be flexible and maintainable over time?
    6. 6. evolution of customizations in SharePoint _api_vti_bin _vti_bin Declar. App & Workflow Events _api CSOM
    7. 7. apps…• …are not executed in SharePoint App pool• …are in most of the cases not even running on SP Server• …can have full trust, with user’s approval (OAuth)• …can access SharePoint Data• …can access outer world non-SharePoint Data• …can use any external resources• …can be executed in it’s own chrome, as app parts, or as SharePoint extensions
    8. 8. why apps• Isolated (safe!)• Multi-tenant• Multiple development possibilities (even non-MS stack)• Easier to deploy (no SharePointisms by deployment)• Easier to maintain (lifecycle – versioning, upgrades)• Manageable (Office Store, Corporate Catalog)• Cloud ready!
    9. 9. USER PERSPECTIVE
    10. 10. App types, basic concepts, development
    11. 11. common app architecture APP CSOM CSOM REST
    12. 12. sp app design - a choice of three approaches Developer-Hosted App SharePoint “Bring your own server hosting infrastructure” Your Hosted SiteCloud-based Apps Web Developers will need to isolate tenantsGet remote events fromSharePointUse CSOM/REST + Azure Auto-Provisioned App AzureOAuth to work with SP Windows Azure + SQL Azure SharePoint (from provisioned invisibly as apps are Web WebDeploy, installed DacPac) SharePoint-hosted App Parent Provision an isolated sub web on a parent Web web • Reuse web elements App Web (lists, files, out-of-box web parts) • No server code allowed; use client (from WSP) JavaScript for logic, UX animated
    13. 13. Comparing SharePoint Hosted vs. CloudHosted Apps SharePoint Hosted Cloud HostedApp Scope SharePoint Site Site or TenancyArchitecture Web Site Multi-Tenant AppDeveloper Skillset SharePoint + HTML/JS Full StackUI Technologies SharePoint + HTML/JS Any Web StackServer Code None AnyStorage Lists and Doc Libs AnyKey Limitations No Server Code Hosting Expertise Required
    14. 14. Choosing between Cloud-Hosted andSharePoint-Hosted.Cloud Hosted Apps SharePoint Hosted AppsPreferred hosting model for almost all Good for smaller apps & resourcetypes of apps storageFull power of web – choose your SharePoint-based; no server-side codeinfrastructure & technologyMay require your own hosting Automatically hosted in SharePointMay require you own handling of Inherent multitenancy & isolationmultitenancy & permission management
    15. 15. App Shapes for SharePoint Full page Implement complete app experiences to satisfy business scenarios Parts Create app parts that can interact with the SharePoint experience UI Command extensions Add new commands to the ribbon and item menus
    16. 16. App identity• Challenge with SPS2010 • Farm solutions – too much privileges - risk of RunWithElevatedPrivileges • Sandbox solutions – no RunWithElevatedPrivileges – always under user context• In SharePoint 2013 apps have their own identity and specific permissions • Installing user either grants or denies permissions to host web • Permission is explicitly given for a specific scope • App identity is passed around using oAuth tokens
    17. 17. App rights• Default rights : Read, Write, Manage and Full Control• Not possible to customize• Apps are granted permissions to a scope and all children of the scope• Defined in declarative XML
    18. 18. App scopes• SPSite – site collection• SPWeb – site• SPList• Tenancy• Other scopes (and rights) for performing search queries, accessing taxonomy data, user profiles, etc...
    19. 19. sharepoint apps: authentication and trust main SharePoint site app1 SharePoint site http://intranet.contoso.com http:// tenant-apphash1.contosoapps.com /sites/web/appguid http://apps-87e90ada14c175.contosoapps.com/sites/web/014c9c59-5d9c-4a59-a5ce-2116a4c90296
    20. 20. Azure Access Control Service (ACS)• ACS required with oAuth implementation in SharePoint 2013• How is the ACS server configured as the authentication server? • Automatically done for sites in Office 365 Preview • On-premise farms, a trust to ACS must be configured. Possible to avoid when using Server-to-server (S2S) trust
    21. 21. SharePoint 2013 Remote API _api is new alias for _vti_bin/client.svcServer Client REST CSOM OData JSON JavaScript Silverlight .Net CLR Library Library Library Custom Client Code
    22. 22. REST URLs in SharePoint 2013 • CSOM URLs can go through _api folder • Replace • http://sharepoint/_vti_bin/client.svc/web • With • http://sharepoint/_api/web • Example REST URLs targeting SharePoint sites • _api/web/lists • _api/web/lists/List1 • _api/web/?$select=title,id • /_api/web/lists/getByTitle(Consultants)/Items • ....
    23. 23. Provider Hosted – S2S• High trust applications used on-premise• Can assert any user’s identity• Requires configuration to establish trust between SharePoint farm and S2S app• Needs to be done for every S2S app
    24. 24. Configure S2S• App Isolation is configured• Disable App Principal check• Generate Public/Private certificate pair• Generate Client Id• Set up Security Token Issuer• Register App Principal• Update Web.config and ensure user profiles exist• http://www.binarywave.com/blogs/eshupps/Lists/Posts/Post.asp x?ID=267
    25. 25. APP DEVELOPMENT INTRO
    26. 26. azure autohosted apps SQL AZURE REST, CSOM SERVICES APP DATA
    27. 27. provider hosted apps DATABASES REST, CSOM SERVICES APP DATA
    28. 28. Autohosting is for team apps• Team apps• Resource tracking• Team processes• Event receivers• Individual productivity• Document assembly, etc.
    29. 29. deployment, upgrade, configuration
    30. 30. From Developer to End User Office and SharePoint Dev center Integrated Office Store TRIAL/ submission PURCHASE Office Store End users TRIAL/ PURCHASEDeveloper Vendor/ SharePoint Direct IT projects App Catalog IT admin
    31. 31. apps upgrade process animated
    32. 32. what to use and when?
    33. 33. Infrastructure configuration for SP Apps1) Wild card DNS entry for app domain2) Apps service application and subscription service created in environment hosting SP apps3) SharePoint application for routing the incoming requests to app DNS entry4) App catalog created for SharePoint applications to enable end users to utilize apps SharePoint farm http://*.apps 192.168.x.x
    34. 34. DNS configuration on-premises• Define wildcard DNS entry for apps • *.apps.contoso.com or something similar• Configure app address in SP side using Central Admin or PowerShell • One address per farm
    35. 35. App configuration for on-premises farm • Ensure that App service application and subscription service are created and running in farm • Subscription service is used to provide unique Site Collection ID for App Urlsmain SharePoint site app1 SharePoint site tenant- http://sp/sites/web http:// /sites/web/appguid apphash1.contosoapps.com http://apps-87e90ada14c175.contosoapps.com/sites/web/014c9c59-5d9c-4a59-a5ce-2116a4c90296 • Apps will be hosted on own domain, within their own frame • Leverages web browser same-origin policy for script isolation • URL naming – each app has unique URL – one app – one = URL • http://default-appUID.apps.contoso.com • appUID – combination of site collection ID and particular SPWeb where app is installed
    36. 36. get app to site collection• All site content provides functionality to add apps• Both market place and corporate catalog visible from single place• Users can add Apps to be available• Apps can request permissions, depending on implementation
    37. 37. resources• dev.office.com• blogs.msdn.com/b/officeapps• blog.tedpattison.net• http://www.andrewconnell.com/blog/archive/2012/10/02/fully- scripted-solution-for-creating-and-registering-self-signed- certs.aspx• http://www.binarywave.com/blogs/eshupps/Lists/Posts/Post.asp x?ID=267
    38. 38. questions?WWW.DRAGAN-PANJKOV.COM@PANJKOV
    39. 39. thank you.SHAREPOINT AND PROJECT CONFERENCE ADRIATICSZAGREB, 11/28/2012

    ×