Deep dive into SharePoint 2013 hosted apps - Chris OBrien


Published on

Covers key aspects of SharePoint 2013 apps, with a focus on SharePoint-hosted apps. Includes detail on app parts, using web parts within an app, configuring SSL, troubleshooting apps and possible reasons to move away from a SharePoint-hosted app to a cloud app. Also covers "high-privilege" apps which provision to the host web.

Published in: Technology, Design

Deep dive into SharePoint 2013 hosted apps - Chris OBrien

  1. 1. Deep-dive into SharePoint-hostedappsDEV 203Chris O‟Brien - MVP
  2. 2. About meIndependent ConsultantHead of Development, Content and Code Blog: Twitter: @ChrisO_Brien LinkedIn:
  3. 3. Why apps?End-user familiarityPhones, Windows 8 etc.Move server-side code off SharePoint..which solves MANY problems for Microsoft Game-changer for Office 365No more sandbox restrictions
  4. 4. Customizing SharePoint – official guidanceMicrosoft:The most important guidance we can give you isto develop an app for SharePoint rather than aclassic solution whenever you can.
  5. 5. App hosting optionsSharePoint-hostedJavaScript onlyCloud appProvider-hosted (YOU deal with hosting)–IIS, PHP/LAMP, something else!Auto-hosted (O365 + Azure)–E.g. automatically create database in SQL Azure
  6. 6. 3 decisions to make on appsAre we going to allow apps?Configuration, infrastructure, obtain wildcard SSL certificate etc.Are we going to allow ANY app from the SharePoint Store to beinstalled?Or are we going to restrict to certain „approved‟ apps via theinternal App Catalog?Will our own customisations be developed as apps?
  7. 7. The SharePoint apps “enterprise planning loop”DAY1:
  8. 8. The SharePoint apps “enterprise planning loop”DAY2:
  9. 9. The SharePoint apps “enterprise planning loop”DAY3:
  10. 10. The SharePoint apps “enterprise planning loop”DAY4:
  11. 11. The SharePoint apps “enterprise planning loop”DAY5:
  12. 12. The SharePoint apps “enterprise planning loop”DAY6:
  13. 13. How users obtain appsUser-driven:Public store (ifenabled)Internal “AppCatalog” – admin-approved appsAdministrator-driven:Installed toselected sites viaPowerShell“Tenant-install” –one sharedinstance (notinstance per site)
  14. 14. My app‟s architecture
  15. 15. Ingredients of a nice 2013 “learning” appCreates and uses some content types/lists/files in app webFetches some data from host web (with permission request)Uses JSOM/RESTProvisions an app part for UX within host webConsumes farm/tenant services e.g. search(SharePoint-hosted)
  17. 17. Developing SharePoint-hosted apps
  18. 18. SharePoint 2013 client APIs(for use in SharePoint-hosted apps)
  19. 19. Even though hosted on SP, app area is on an “isolated” domain(IIS web application)URL =–App prefix (configurable)–ID (generated on each install/upgrade)–App domain (should be a distinct domain)–App nameEffectively an IIS trick – content is in same site collection!Provides some security against XSS + allows identification of apprequestsHow the app web works
  20. 20. Accessing Site Contents page (ViewLsts.aspx)Accessing Site Settings page (Settings.aspx)Accessing Features pages(Features.aspx?Scope=Site/Web)Computer says no:
  21. 21. Yes:• ListView web part• XsltListView web part• Content Search web part• Search Core Resultsweb part• PageViewer web partNo:• Content Query web part• DataView web part• ..probably many othersWhich web parts can I use in the app web?
  22. 22. App parts
  23. 23. App parts - gotchasNeed appropriate JS files referenced See Stephane Eskeyens post -No _spPageContextInfo if code hosted in apppart Be careful if you have code which uses it But do have access to SPAppWebUrl/SPHostUrlNeed <meta http-equiv=”X-UA-Compatible”..elementUseful trick:App part pagedynamicallyresizing parentiFrame (usingpostMessage)
  24. 24. Apps which provision into thehost web
  25. 25. ..brand a SharePoint site?..provision files into a SharePoint site?..delete end-user data?ANSWER:If it has the right permissions, yes (*)Full Control of Web = do anything Host web considerations: can an app?* Assumes that:• User ALSO hasappropriatepermissionsOR• App uses “app-only” policy (notSP-hosted app)
  26. 26. Office 365 submission policy – no Full Control
  28. 28. Other things
  29. 29.  SPHostUrl bug – this URL param „lost‟ when navigatingaround app web (causing code to fail) Search bug – app with Permission Request forSearch/QueryAsUserIgnoreAppPrincipal gives “Onlytenant administrators can install this app” for on-premisesinstallationsALSO: can now run multiple app domains with reverseproxy/AAMBugs fixed in March 2013 update (all undocumented!)
  30. 30. Microsoft:Secure Sockets Layer (SSL) is a requirement for web applicationsthat are deployed in scenarios that support server-to-serverauthentication and app authentication. and SSL
  31. 31. Configuring SSL in devPre-reqs: DNS - entries created (wildcard for apps, unique IP for apps WA) IIS - ensure apps WA uses „All Unassigned‟Use SELFSSL to generate certs Sites (wildcard = *, or individual) Apps (wildcard = *Export as .pfx then import (SELFSSL bug)Re-bind certs in IISIISReset!
  32. 32. Continuous Integration for appsMicrosoft have released PS scripts See Works with on-premises or Office 365 Uses PS + .NET CSOM to install appSupport for: SharePoint-hosted apps Provider-hosted apps (via WebDeploy)Can be used with (TFS online)
  33. 33. Can I use navigation controls/providers? Unlikely. Providers have context of host web, not appweb. Static links likely to be betterWebDAV is disabled for appsSP-hosted apps currently cannot be used on SAMLclaims sitesOther notes:
  34. 34. Some beginner issues1. Error occurred in deployment step Install app for SharePoint: Sideloading of apps isnot enabled on this site You tried to “F5 deploy” to a site not based on Developer Site template OR sideloadingFeature is not activated2. JavaScript runtime error: Type is undefined JavaScript dependency issue – MicrosoftAjax.js needs to be earlier!3. App part difficulties (e.g. JavaScript errors) Need correct JS references – see Need AllowFraming tag and <meta http-equiv..tags No _spPageContextInfoTroubleshooting apps
  35. 35. Advanced topics1. Updatability – CSS/JS/images are difficult to update across app instances(OR SANDBOX!) ANSWER: Use Azure (or internally hosted location) to centralise2. Architecture – should I deploy to the host web? ANSWER :–Maybe, if the app is trusted–But what is the app framework giving you over a sandbox/farm solution?Designing SharePoint-hosted apps
  36. 36. Possible reasons for cloud appNeed to go beyond JavaScriptto develop functionality E.g. service layer E.g. use of back-end non-SharePoint dataNeeds Remote EventReceivers (app installed, appupgraded etc.)Needs scheduled processOn-prem SharePoint sitesusing SAML claimsYou don‟t want to developentire app in JavaScript OR, you want to leverage.Net/PHP/whatever skills
  37. 37. Thank you for attending!