Build Secure Cloud-Hosted Apps for SharePoint 2013

Apps for SharePoint were introduced in SharePoint 2013 to maximize the level of capability and flexibility that developers can deliver without risking compromise to the farm. In this session, we will delve into apps that leverage resources running outside the SharePoint farm—whether in another on-premises web server or in the cloud. We will use server-side and client-side code to demonstrate how cloud-hosted apps can securely access data stored in SharePoint using the client object model (CSOM/JSOM) and REST APIs, along with the pros and cons associated with each approach. We will discuss the various permissions models associated with apps for SharePoint including types of app permissions, permission request scopes, and how app developers can manage permissions. We will conclude by building and provisioning a provider-hosted app for SharePoint to Office 365.

  • The way I look at it is that I can do just about everything I need to do using the CSOM within a specific site collection.
    The REST interface on the other hand is mostly brand new in the SharePoint 2013 release. There was a single service in SharePoint 2010 that we could use that enabled read/write to data within a list. The current REST implementation covers a huge area of SharePoint 2013.
    Rob Windsor Pluralsight course
  • Need to get a SharePoint context because we are outside the SharePoint server
    With a SharePointContext, we can get the necessary ClientContext
  • Same basic steps as CSOM:
    Create a ClientContext object, passing in the URL of a SharePoint site
    Call the Load() function to build the request query for any value properties your application needs to access
    Execute the query by calling the ExecuteQuery() function

  • Not a complete code sample
  • HTTP verbs match to CRUD operations
  • You do not HAVE to have a local dev VM to do app development!
  • Data can be accessed securely, regardless of whether or not there is a firewall between SharePoint and the external web server
  • Foundation – no significant changes apart from REST support
    Server – new APIs added (Microsoft.SharePoint.Client.DocumentManagement, Microsoft.SharePoint.Client.Publishing, Microsoft.SharePoint.Client.Taxonomy, Microsoft.SharePoint.Client.UserProfiles)

    REST – based on SOAP, much simpler/easier to use

    Paging may not be supported/working from /_api endpoint

    Updates using REST require Form Digest (SharePoint pages contain control with form digest; can be acquired through /_vti_bin/sites.asmx)
  • Build Secure Cloud-Hosted Apps for SharePoint 2013

    1. Join us at #SharePint, sponsored by Metalogix, at Clyde’s of Chevy Chase in the RaceCar Bar Downstairs. Why? To network with fellow SharePoint professionals. What? SharePint!!! When? 5:30 PM. Where? RaceCar Bar Downstairs, 5441 Wisconsin Ave, Chevy Chase, MD 20815. Thanks to? Metalogix!
    2. http://blogs.office.com/2014/05/16/update-on-autohosted-apps-preview-program/ http://msdn.microsoft.com/EN-US/library/office/dn722449%28v=office.15%29.aspx
    3. Image from http://msdn.microsoft.com/en-us/library/fp179925.aspx
    4. Image from http://msdn.microsoft.com/en-us/library/fp179930.aspx
    5. var hostweburl;

       $(document).ready(function () {
           // getQueryStringParameter is a helper defined elsewhere in the app page.
           // SPHostUrl is passed to the remote app on the query string.
           hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));
           var scriptbase = hostweburl + "/_layouts/15/";
           // Load the chrome control script from the host web, then render it.
           $.getScript(scriptbase + "SP.UI.Controls.js", renderChrome);
       });

       function renderChrome() {
           var options = {
               "appIconUrl": "",
               "appTitle": "CSOM/JSOM/REST demos"
           };
           // Place the chrome control in the <div> with ID="chrome_ctrl_placeholder"
           var nav = new SP.UI.Controls.Navigation("chrome_ctrl_placeholder", options);
           nav.setVisible(true);
       }
    6. http://aka.ms/officedevtoolsforvs2013 http://aka.ms/officedevtoolsforvs2012 http://www.nuget.org/packages/AppForSharePointWebToolkit
    7. using Microsoft.SharePoint.Client;
    8. var SharePointContextProvider using var
    9. "//ajax.aspnetcdn.com/ajax/4.0/1/MicrosoftAjax.js" "//ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js" var "SPHostUrl" var "SPAppWebUrl" var "/_layouts/15/" "SP.Runtime.js" function "SP.js" function "SP.RequestExecutor.js"
    10. function var new var var new var new var
    11. http://odata.org
    12. URL | Returns
        _api/web/title | The title of the current site
        _api/web/lists/getByTitle('Announcements') | The Announcements list
        _api/web/lists/getByTitle('Announcements')/fields | The columns in the Announcements list
        _api/web/lists/getByTitle('Tasks')/items | The items in the Tasks list
        _api/web/siteusers | The users in the site
        _api/web/sitegroups | The user groups in the site
        _api/web/GetFolderByServerRelativeUrl('/Shared Documents') | The root folder of the Shared Documents library
        _api/web/GetFolderByServerRelativeUrl('/Plans')/Files('a.txt')/$value | The file a.txt from the Plans library
        Table adapted from http://msdn.microsoft.com/en-us/magazine/dn198245.aspx
    13. https://djsp.sharepoint.com/_api/web/title Danny's O365 Dev Tenant
    14. CSOM | REST
        Less “chatty” (requests can be batched) | More “chatty” (no request batching)
        Handles the “plumbing” of calls to SharePoint | Requires you to construct and manage your own HTTPRequest/Response objects
        Requires CAML for queries | Uses standard OData vocabularies
        Can interact with managed metadata taxonomies and workflows | No support for interacting with managed metadata taxonomies and workflows
         | Easy to leverage third-party libraries (jQuery)
         | Can be debugged using Fiddler
         | No external assembly references required
        Table adapted from http://www.andrewconnell.com/blog/sharepoint-2013-csom-vs.-rest-...-my-preference-and-why
    15. http://tools.ietf.org/html/draft-ietf-oauth-v2-22
    16. Image from http://msdn.microsoft.com/en-us/library/fp142382.aspx
    17. Requirement/Scenario | OAuth | Cross-domain
        I use client-side technologies (HTML + JavaScript).
        I want to use REST interfaces.
        There is a firewall between SharePoint and my remote app, and I need to issue the calls through the browser.
        My app needs to access resources as the logged-on user.
        My app needs to elevate privileges to other than those of the current logged-on user.
        My app needs to act on behalf of a user other than the one who is logged on.
        My app needs to perform operations only while the user is logged on.
        My app needs to perform operations even when the user is not logged on.
        Table from http://msdn.microsoft.com/en-us/library/fp179897.aspx
    18. key ClientId value xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        key ClientSecret value xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
    19. http://msdn.microsoft.com/en-us/library/fp179924%28v=office.15%29 http://cloudshare.com http://portal.windowsazure.com
    20. http://msdn.microsoft.com/library/fp179887%28v=office.15%29 http://msdn.microsoft.com/en-us/library/fp179899%28v=office.15%29 http://msdn.microsoft.com/en-us/library/fp179922%28v=office.15%29
    21. http://msdn.microsoft.com/en-us/library/fp142383%28v=office.15%29 http://msdn.microsoft.com/en-us/library/fp142382%28v=office.15%29 http://msdn.microsoft.com/en-us/library/fp179927%28v=office.15%29
    22. http://msdn.microsoft.com/en-us/library/fp179930.aspx http://msdn.microsoft.com/library/office/jj164060.aspx http://msdn.microsoft.com/en-us/library/office/fp179925 http://msdn.microsoft.com/en-us/library/office/fp179934%28v=office.15%29.aspx
    23. http://blogs.msdn.com/b/visualstudio/archive/2014/03/03/announcing-office-developer-tools-for-visual-studio-2013-march-2014-update.aspx http://msdn.microsoft.com/en-us/library/jj220038.aspx http://msdn.microsoft.com/en-us/library/jj220041.aspx
    24. http://msdn.microsoft.com/en-us/library/office/fp179886%28v=office.15%29.aspx http://msdn.microsoft.com/en-us/library/fp179897.aspx http://msdn.microsoft.com/en-us/library/fp142384.aspx
    25. http://msdn.microsoft.com/en-us/library/office/fp179912 http://msdn.microsoft.com/en-us/library/office/jj163201 http://msdn.microsoft.com/en-us/library/office/jj164022
    26. http://www.andrewconnell.com/blog/sharepoint-2013-csom-vs.-rest-...-my-preference-and-why http://msdn.microsoft.com/en-us/library/office/jj612823%28v=office.15%29.aspx
    27. https://officeams.codeplex.com/ http://blogs.msdn.com/b/officeapps/archive/2013/11/07/announcing-the-new-sharepointcontext-helper-in-apps-for-sharepoint-2013.aspx
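
The slide notes say that HTTP verbs map to CRUD operations and that REST updates require a form digest. The JavaScript below is an added example (not code from the original deck) that combines both points for list items: it builds the request for each operation and refuses to build a write without a live digest. The function names, site URL and digest value are hypothetical or constructed, and it assumes the digest is read from a `/_api/contextinfo` response rather than the `sites.asmx` service mentioned in the notes.

```javascript
// Added example: builds (does not send) SharePoint 2013 REST list-item requests.
const JSON_VERBOSE = "application/json;odata=verbose";

// OData string literal for a URL: double embedded single quotes, then URL-encode.
function odataString(value) {
  return "'" + encodeURIComponent(String(value).replace(/'/g, "''")) + "'";
}

// Pull the digest out of a parsed POST /_api/contextinfo response (verbose JSON).
function parseContextInfo(body, nowMs) {
  const info = body.d.GetContextWebInformation;
  return {
    value: info.FormDigestValue,
    expiresAt: nowMs + info.FormDigestTimeoutSeconds * 1000,
  };
}

// op: "create" | "read" | "update" | "delete". Returns { method, url, headers, body? }.
function buildItemRequest(op, siteUrl, listTitle, opts = {}) {
  const { itemId, digest, payload, etag = "*", nowMs = Date.now() } = opts;
  const needsId = op === "update" || op === "delete";
  // Item ids go into the URL, so accept integers only.
  if (itemId !== undefined ? !Number.isInteger(itemId) : needsId) {
    throw new Error("itemId must be an integer");
  }
  const hasId = itemId !== undefined && op !== "create";
  const url = siteUrl.replace(/\/+$/, "") + "/_api/web/lists/getByTitle(" +
    odataString(listTitle) + ")/items" + (hasId ? "(" + itemId + ")" : "");
  const headers = { Accept: JSON_VERBOSE };
  if (op === "read") return { method: "GET", url, headers };

  // Every write carries the form digest; refuse to build one without a live value.
  if (!digest || !digest.value || digest.expiresAt <= nowMs) {
    throw new Error("form digest missing or expired; request /_api/contextinfo again");
  }
  headers["X-RequestDigest"] = digest.value;
  if (op === "delete") {
    Object.assign(headers, { "X-HTTP-Method": "DELETE", "IF-MATCH": etag });
    return { method: "POST", url, headers };
  }
  headers["Content-Type"] = JSON_VERBOSE;
  const body = JSON.stringify(payload);
  if (op === "create") return { method: "POST", url, headers, body };
  if (op === "update") {
    Object.assign(headers, { "X-HTTP-Method": "MERGE", "IF-MATCH": etag });
    return { method: "POST", url, headers, body };
  }
  throw new Error("unknown operation: " + op);
}
```

Updates and deletes are sent as POST with an `X-HTTP-Method` override, and the default `IF-MATCH: *` overwrites regardless of version; pass the item's ETag in `opts.etag` to get optimistic concurrency instead.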
