2. Chris O’Connor
Senior Consultant – OBS (Melbourne)
Blog : www.sharepointroot.com
Twitter : @GrumpyWookie
Father of three boys
Weekend MAMIL
Let’s go Mountain Biking !
3. Where have we come from ?
The new AppModel (SP2013) + Why ?
New thinking for developers
CSOM
REST
JSON
ODATA
OAUTH
4. Client/Server
Rich client + networked server
N-tier
Evolution of client/server (layers)
ASP Classic -> ASP.NET
MVC / MVVM
SharePoint
Features, Packages, Solutions
ASP.NET + SharePoint API
Office 365
SharePoint 2013
20. Visual Studio 2012
Need to install project templates
Microsoft Office Developer Tools for Visual Studio 2012
Via Web Platform Installer (WebPI)
http://tinyurl.com/platform-install
SharePoint Designer 2013
23. Napa
Office 365 Development tools
Add An App > SharePoint Store
Browser based tools
Works with ‘Developer Site’ on Office 365
Office 365 Developer Site
http://dev.office.com/
Sign up today !
26. - Run Project
- Remove App
- Properties
- Open in Visual Studio
- Share Project
- Publish
- Quick Open
31. Scope
List
WebSite
Site Collection
Tenancy
AppPermissionRequest
Read
Write
Manage
Full Control
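An added example, not from the slides: a reviewer-side check of the permission requests in an app manifest before the app is trusted. The scope URIs and the `FullControl` spelling are the SharePoint 2013 manifest values for the scopes and rights listed above; the sample manifest, the app name `DocLister` and the policy ceiling (`WebSite` / `Write`) are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Scope URIs used in SharePoint 2013 app manifests, ordered narrow -> broad.
# The slide names (List, WebSite, Site Collection, Tenancy) map onto these.
SCOPES = {
    "http://sharepoint/content/sitecollection/web/list": ("List", 0),
    "http://sharepoint/content/sitecollection/web": ("WebSite", 1),
    "http://sharepoint/content/sitecollection": ("Site Collection", 2),
    "http://sharepoint/content/tenant": ("Tenancy", 3),
}
RIGHTS = {"Read": 0, "Write": 1, "Manage": 2, "FullControl": 3}

# Constructed sample manifest (app name and requests are made up for this example).
SAMPLE_MANIFEST = """<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="DocLister" Version="1.0.0.0">
  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Owner" />
  </AppPermissionRequests>
</App>"""

def review_manifest(xml_text, max_scope="WebSite", max_right="Write"):
    """Return (scope, right, verdict) for every AppPermissionRequest element."""
    scope_limit = next(rank for name, rank in SCOPES.values() if name == max_scope)
    right_limit = RIGHTS[max_right]
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "AppPermissionRequest":
            continue  # match on local name so the namespace does not matter
        scope, right = el.get("Scope", ""), el.get("Right", "")
        if scope not in SCOPES or right not in RIGHTS:
            # Unknown values are rejected outright rather than guessed at.
            findings.append((scope, right, "REJECT: unrecognised scope or right"))
            continue
        name, rank = SCOPES[scope]
        too_broad = rank > scope_limit or RIGHTS[right] > right_limit
        verdict = "REVIEW: exceeds policy" if too_broad else "ok"
        findings.append((name, right, verdict))
    return findings

if __name__ == "__main__":
    for scope, right, verdict in review_manifest(SAMPLE_MANIFEST):
        print(f"{scope:<50} {right:<12} {verdict}")
```

A request is flagged when either its scope or its right is above the ceiling, so a tenancy-wide `Read` is reported as well as a list-level `FullControl`.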
34. Code Security
OAUTH – Security Protocol
Between Apps & Services
Without username/password
Works in conjunction with :
ACS – Access Control Services
STS – Security Token Service
35. OAUTH
Only for ‘cloud hosted’ apps
Provider Hosted
Azure Hosted
Pass tokens via IFRAME (!??!)
Need to do this way – avoid XSS
37. Provider-Hosted
Any language / anything / anywhere
Azure-Hosted
.NET languages – C# / VB.NET
SharePoint-Hosted
JavaScript
jQuery
HTML
38. CSOM
REST
No Server Object Model (SharePoint.dll)
No code in the GAC
43. OData
Open Data Specification
CRUD operations via HTTP verbs
GET (default) – retrieve data
PUT – create new item
POST – update item
DELETE – remove item
44. OData is built upon message formats
AtomPub
XML
JSON
JavaScript Object Notation
Open Standards
47. SharePoint-Hosted -> Office 365
JavaScript + jQuery
REST – retrieve list of documents
Data formatted & returned as JSON
Display as HTML
ContextToken
Security
48. Where have we come from ?
The new AppModel (SP2013) + Why ?
New thinking for developers
CSOM
REST
JSON
ODATA
OAUTH
<< Security
<< Code
<< Data
49. Questions & Answers ??
More Information ??
Contact Me :
Blog : www.sharepointroot.com
Twitter : @GrumpyWookie
Session Title: Back to the Future with Client/Server Development
Session Description: With the new SharePoint 2013 platform, the application development model changes the ways that developers will approach a solution. This includes client-development concepts such as CSOM, REST, jQuery - AND - can also mean ASP.NET via custom apps hosted outside of SharePoint. This session will show an overview of this approach, and some code samples / examples / demos.
Speaker: Chris O'Connor
Track: Developer
Specialty: Branding and Design
Audience: Developer
18
Security – user has to approve app when adding – “do you trust this”
App Security – not person security
Protect data / avoid breach
View, Contribute, Manage, Full Control
Code – runs in an isolated “AppWeb”
Data – via XML / key-value pair
19
This slide depicts the high-level architecture of an app. You can see SharePoint can communicate with other services such as Windows Azure, or SQL Azure via REST and OData based services. Apps, running from either within an isolated SharePoint AppWeb or on a remote infrastructure such as Windows Azure, communicate back to SharePoint using the same REST & CSOM APIs, gaining permission to SharePoint sites using Windows Azure’s Access Control Service (ACS).
26
*** Visual Studio project – add different types of app
27
*** Visual Studio project – add different types of app
30
App authentication and server-to-server services in SharePoint 2013 now support OAuth 2.0 authentication. OAuth is a security protocol that lets applications and services share limited information without sharing the actual username/password credentials. Specific resources can be identified for sharing through OAuth, using a different set of credentials that cannot be used to access other restricted information from the application or service.