Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Deep dive into SharePoint 2013 hosted apps - Chris OBrien


Published on

Covers key aspects of SharePoint 2013 apps, with a focus on SharePoint-hosted apps. Includes detail on app parts, using web parts within an app, configuring SSL, troubleshooting apps and possible reasons to move away from a SharePoint-hosted app to a cloud app. Also covers "high-privilege" apps which provision to the host web.

Published in: Technology, Design
  • Be the first to comment

Deep dive into SharePoint 2013 hosted apps - Chris OBrien

  1. 1. Deep-dive into SharePoint-hostedappsDEV 203Chris O‟Brien - MVP
  2. 2. About meIndependent ConsultantHead of Development, Content and Code Blog: Twitter: @ChrisO_Brien LinkedIn:
  3. 3. Why apps?End-user familiarityPhones, Windows 8 etc.Move server-side code off SharePoint..which solves MANY problems for Microsoft Game-changer for Office 365No more sandbox restrictions
  4. 4. Customizing SharePoint – official guidanceMicrosoft:The most important guidance we can give you isto develop an app for SharePoint rather than aclassic solution whenever you can.
  5. 5. App hosting optionsSharePoint-hostedJavaScript onlyCloud appProvider-hosted (YOU deal with hosting)–IIS, PHP/LAMP, something else!Auto-hosted (O365 + Azure)–E.g. automatically create database in SQL Azure
  6. 6. 3 decisions to make on appsAre we going to allow apps?Configuration, infrastructure, obtain wildcard SSL certificate etc.Are we going to allow ANY app from the SharePoint Store to beinstalled?Or are we going to restrict to certain „approved‟ apps via theinternal App Catalog?Will our own customisations be developed as apps?
  7. 7. The SharePoint apps “enterprise planning loop”DAY1:
  8. 8. The SharePoint apps “enterprise planning loop”DAY2:
  9. 9. The SharePoint apps “enterprise planning loop”DAY3:
  10. 10. The SharePoint apps “enterprise planning loop”DAY4:
  11. 11. The SharePoint apps “enterprise planning loop”DAY5:
  12. 12. The SharePoint apps “enterprise planning loop”DAY6:
  13. 13. How users obtain appsUser-driven:Public store (ifenabled)Internal “AppCatalog” – admin-approved appsAdministrator-driven:Installed toselected sites viaPowerShell“Tenant-install” –one sharedinstance (notinstance per site)
  14. 14. My app‟s architecture
  15. 15. Ingredients of a nice 2013 “learning” appCreates and uses some content types/lists/files in app webFetches some data from host web (with permission request)Uses JSOM/RESTProvisions an app part for UX within host webConsumes farm/tenant services e.g. search(SharePoint-hosted)
  17. 17. Developing SharePoint-hosted apps
  18. 18. SharePoint 2013 client APIs(for use in SharePoint-hosted apps)
  19. 19. Even though hosted on SP, app area is on an “isolated” domain(IIS web application)URL =–App prefix (configurable)–ID (generated on each install/upgrade)–App domain (should be a distinct domain)–App nameEffectively an IIS trick – content is in same site collection!Provides some security against XSS + allows identification of apprequestsHow the app web works
  20. 20. Accessing Site Contents page (ViewLsts.aspx)Accessing Site Settings page (Settings.aspx)Accessing Features pages(Features.aspx?Scope=Site/Web)Computer says no:
  21. 21. Yes:• ListView web part• XsltListView web part• Content Search web part• Search Core Resultsweb part• PageViewer web partNo:• Content Query web part• DataView web part• ..probably many othersWhich web parts can I use in the app web?
  22. 22. App parts
  23. 23. App parts - gotchasNeed appropriate JS files referenced See Stephane Eskeyens post -No _spPageContextInfo if code hosted in apppart Be careful if you have code which uses it But do have access to SPAppWebUrl/SPHostUrlNeed <meta http-equiv=”X-UA-Compatible”..elementUseful trick:App part pagedynamicallyresizing parentiFrame (usingpostMessage)
  24. 24. Apps which provision into thehost web
  25. 25. ..brand a SharePoint site?..provision files into a SharePoint site?..delete end-user data?ANSWER:If it has the right permissions, yes (*)Full Control of Web = do anything Host web considerations: can an app?* Assumes that:• User ALSO hasappropriatepermissionsOR• App uses “app-only” policy (notSP-hosted app)
  26. 26. Office 365 submission policy – no Full Control
  28. 28. Other things
  29. 29.  SPHostUrl bug – this URL param „lost‟ when navigatingaround app web (causing code to fail) Search bug – app with Permission Request forSearch/QueryAsUserIgnoreAppPrincipal gives “Onlytenant administrators can install this app” for on-premisesinstallationsALSO: can now run multiple app domains with reverseproxy/AAMBugs fixed in March 2013 update (all undocumented!)
  30. 30. Microsoft:Secure Sockets Layer (SSL) is a requirement for web applicationsthat are deployed in scenarios that support server-to-serverauthentication and app authentication. and SSL
  31. 31. Configuring SSL in devPre-reqs: DNS - entries created (wildcard for apps, unique IP for apps WA) IIS - ensure apps WA uses „All Unassigned‟Use SELFSSL to generate certs Sites (wildcard = *, or individual) Apps (wildcard = *Export as .pfx then import (SELFSSL bug)Re-bind certs in IISIISReset!
  32. 32. Continuous Integration for appsMicrosoft have released PS scripts See Works with on-premises or Office 365 Uses PS + .NET CSOM to install appSupport for: SharePoint-hosted apps Provider-hosted apps (via WebDeploy)Can be used with (TFS online)
  33. 33. Can I use navigation controls/providers? Unlikely. Providers have context of host web, not appweb. Static links likely to be betterWebDAV is disabled for appsSP-hosted apps currently cannot be used on SAMLclaims sitesOther notes:
  34. 34. Some beginner issues1. Error occurred in deployment step Install app for SharePoint: Sideloading of apps isnot enabled on this site You tried to “F5 deploy” to a site not based on Developer Site template OR sideloadingFeature is not activated2. JavaScript runtime error: Type is undefined JavaScript dependency issue – MicrosoftAjax.js needs to be earlier!3. App part difficulties (e.g. JavaScript errors) Need correct JS references – see Need AllowFraming tag and <meta http-equiv..tags No _spPageContextInfoTroubleshooting apps
  35. 35. Advanced topics1. Updatability – CSS/JS/images are difficult to update across app instances(OR SANDBOX!) ANSWER: Use Azure (or internally hosted location) to centralise2. Architecture – should I deploy to the host web? ANSWER :–Maybe, if the app is trusted–But what is the app framework giving you over a sandbox/farm solution?Designing SharePoint-hosted apps
  36. 36. Possible reasons for cloud appNeed to go beyond JavaScriptto develop functionality E.g. service layer E.g. use of back-end non-SharePoint dataNeeds Remote EventReceivers (app installed, appupgraded etc.)Needs scheduled processOn-prem SharePoint sitesusing SAML claimsYou don‟t want to developentire app in JavaScript OR, you want to leverage.Net/PHP/whatever skills
  37. 37. Thank you for attending!