Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SPUnite17 Timer Jobs Event Handlers

123 views

Published on

SharePoint Unite 2017 Session

Published in: Technology
  • Login to see the comments

  • Be the first to like this

SPUnite17 Timer Jobs Event Handlers

  1. 1. Timer Jobs and Event Handlers in SP Online Adis Jugo
  2. 2. Slide 3 Adis Jugo Microsoft MVP Office Development Microsoft MVP Office Servers and Services In IT for way too long (first money earned with development in 91) Still dreaming of a Ćevapi restaurant or a vineyard Director of Product Technology at skybow AG Born in Sarajevo, B&H, living in Bingen, Germany Blogger, speaker, author. adisjugo.com
  3. 3. What is this session about? • Daemons • Authentication • Timer Jobs • Event Handlers
  4. 4. Why this session • skybow Solution Studio Online • SaaS offering • 35000 users at the moment • Challenges: • Performance • Scalability • Robustness • Identity, Authentication and Authorization • Maintainability and operations
  5. 5. What are daemons • Software which runs as a background tasks • Timer • Continuous • Triggered
  6. 6. Daemons in SharePoint Development? • Event handlers • Lists • Items • Site • Security,,, • Timer Jobs • Timer Intervals • Always in context • Site context • User context • Change context • …
  7. 7. Our options in cloud?
  8. 8. Daemon options in cloud Flow Power User Logic Apps IT Pro Dev Web Jobs Dev Functions Dev
  9. 9. Flow Logic Apps Audience Office workers, business users IT pros, developers Scenarios Self-service Mission-critical Design Tool In-browser and mobile app, UI only In-browser and Visual Studio, Code view available DevOps Ad-hoc, develop in production source control, testing, support, and automation and manageability in Azure Resource Management Security Standard practices: data sovereignty, encryption at rest for sensitive data, etc. Security assurance of Azure: Azure Security, Security Center, audit logs, and more.
  10. 10. Daemon options in cloud Flow Power User Logic Apps IT Pro Dev Web Jobs Dev Functions Dev
  11. 11. Webjobs • Manually triggered or run on a schedule. • Continuously running (aka running constantly, all the time) • Triggered based on events in other Azure Services, • Storage Queue or Service Buss • Long running and Short Running • Implemented in any language as either a command-line executable or script • One size fits all
  12. 12. Azure Functions • Lightweight, flexible • More difficult to operate and manage • Consumption Plan • 5 minutes threshold • App Service Plan • Share resources with a Web App, API App, or Mobile App • Dedicated resources for long running / frequent Azure Functions
  13. 13. Functions WebJobs Scaling Configurationless scaling Scale with App Service plan Pricing Pay-per-use or part of App Service plan Part of App Service plan Run-type Triggered, scheduled (by timer trigger) Triggered, continuous, scheduled Trigger events Timer, Azure Cosmos DB, Azure Event Hubs, HTTP/WebHook, Azure App Service Mobile Apps, Azure Notification Hubs, Azure Service Bus, Azure Storage HTTP/WebHook, Timer, Queue, Blob In-browser development Supported Not Supported C# Supported Supported F# Supported Not Supported JavaScript Supported Supported Java Supported Not supported Bash Experimental Supported Windows scripting (.cmd, .bat) Experimental Supported PowerShell Experimental Supported PHP Experimental Supported Python Experimental Supported TypeScript Experimental Not Supported
  14. 14. Authentication Auth typeType Daemon Event Handler Delegated App Only Timer App Only
  15. 15. Azure Active Directory • Microsoft’s Cloud Identity service • Glue that holds all together Applications Devices Principals
  16. 16. Protocols supported by AD • WS-Federation • SAML-P • OAuth 2.0 • OpenID Connect
  17. 17. Protocol Endpoints
  18. 18. Azure AD Application mechanics
  19. 19. OAuth 2.0 •No capturing user credentials •Fine-grained access scopes •Supports MFA and federated user sign-in •Long-term access through refresh tokens
  20. 20. Auth flow
  21. 21. Germany: Postident
  22. 22. Start online bank account Post clerk performs the identification, issues identification confirmation You send the identification confirmation to bank Bank issues you a token device You perform the bank operations End
  23. 23. App Only • App Secret • App Certificate
  24. 24. Application Types Web Application Web Api Native App
  25. 25. Slide 26 Demo: AAD
  26. 26. Slide 27 Timer Jobs • Register an app in AAD • Add App-only permissions • Create a certificate • Store certificate credentials • Create an Azure Function • Read certificate • Create authentication token from certificate • Call SharePoint Logic
  27. 27. Slide 28 Get cert keys $certPath = "X:[path][certificatenname].cer" $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert.Import($certPath) $rawCert = $cert.GetRawCertData() $base64Cert = [System.Convert]::ToBase64String($rawCert) $rawCertHash = $cert.GetCertHash() $base64CertHash = [System.Convert]::ToBase64String($rawCertHash) $KeyId = [System.Guid]::NewGuid().ToString() Write-Output "Base 64 Certificate" Write-Output $base64Cert Write-Output "Base 64 Certificate Hash" Write-Output $base64CertHash Write-Output "Key ID" Write-Output $KeyId
  28. 28. Slide 29 Remote Event Receivers VS webhooks • RER • Provider Hosted AddIn • App Infrastructure • Webhooks • 1. ExpirationPeriod max 6 months. • 2. Only synchronous (“-ed” events), async (“-ing” events) are not possible.
  29. 29. Slide 30 Webhooks • Subscription to the specific SharePoint resource, ie. lists • Resource - The resource endpoint URL you are creating the subscription for. For example a SharePoint List API URL. • Server notification URL - Your service endpoint URL. HTTP POST • Expiration date – max six months • Client State - An opaque string passed back to the client on all notifications. You can use this for validating notifications, tagging different subscriptions, or other reasons.
  30. 30. Slide 31
  31. 31. Slide 32 Webhook validation req/resp • POST https://contoso.azurewebsites.net/your/webhook/service? validationToken={randomString}
  32. 32. Slide 33 Notifications • Inform your service endpoint that a change has happened on a subscription • Multiple notifications to your application may be batched together into a single request, if multiple changes occurred in the resource within the same time period. • The notification payload body will also contain your client state if you used it when creating the subscription. • The notification doesn't include any information about the changes that triggered it. Use GetChanges API
  33. 33. Slide 34
  34. 34. Slide 35 DEMO Create Webhook, send notifications
  35. 35. Slide 36 Error Handling • Any response with an HTTP status code outside of the 200-299 range, or that times out, will be attempted again over the next several minutes. • If the request is not successful after 15 minutes, the notification is dropped. • Future notifications will still be attempted to your application, although the service may remove the subscription if a sufficient number of failures are detected. • SharePoint performs a retry of 5 times with a 5 minute wait time between the attempts.
  36. 36. Slide 37
  37. 37. Slide 38 Reading the queue • Anything, really • Console app • Another Function • Web Job • Authentication • Read token from the request • Create new access token • User context (delegated) • App context (app only) => Elevated permissions simulation
  38. 38. Slide 39 Getting Changes ChangeToken lastChangeToken = null; lastChangeToken = new ChangeToken(); lastChangeToken.StringValue = string.Format("1;3;{0};{1};-1", listID, DateTime.Now.AddMinutes(-1).ToUniversalTime().Ticks.ToString()); ChangeQuery changeQuery = new ChangeQuery(false, true); changeQuery.Item = true; changeQuery.ChangeTokenStart = lastChangeToken; var changes = changedList.GetChanges(changeQuery); SPClientContext.Load(changes); SPClientContext.ExecuteQuery();
  39. 39. Slide 40 Complete End-To-End Flow
  40. 40. Slide 41 Recap • Daemons in SharePoint Online with Azure • Functions, Webjobs, etc. • Azure Active Directory functions as a glue • App Only permission for “timer jobs” • Impersonification (Delegated permissions) for event handlers • App only for event handlers when “elevated permissions” are needed • Azure is your best friend ☺
  41. 41. Plumbing is not easy (yet) • Series of blog posts at • http://adisjugo.com • @adisjugo
  42. 42. Thank you. Questions?

×