Andrew Connell presented on building apps for SharePoint 2013. He discussed the SharePoint app model and app identity. The app model supports apps hosted in Office 365 and on-premises farms. Apps communicate with SharePoint using web services and have their own identity and permissions. Authentication can occur through OAuth or high-trust authentication using server-to-server certificates. Apps can be installed at the site or tenant level and can integrate client-side or server-side code depending on whether they are SharePoint-hosted, auto-hosted, or provider-hosted.
This document provides an overview of provider hosted apps in SharePoint 2013. It discusses what SharePoint apps are, the different types of apps, and the definition of host and app webs. It also covers how to create a high trust provider hosted app, including debugging, packaging, and deployment. The presentation includes a demo and questions from attendees.
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013 (NCCOMMS)
The document discusses building apps for Microsoft platforms like Office 365 and SharePoint. It provides an overview of different types of apps like immersive full-page apps, app parts, and extension apps. It also covers topics like authentication, permissions, and using APIs and services to integrate apps across platforms and devices.
Developer’s Independence Day: Introducing the SharePoint App Model (bgerman)
The document introduces the SharePoint app model, which modernizes SharePoint development. It discusses moving from the MS DOS application model to a more modern approach with app isolation, process isolation, and app-based permission schemes. It covers SharePoint hosted apps and provider hosted apps, and demonstrates examples of each. The document also discusses accessing SharePoint data through REST APIs and the client-side object model, and authentication approaches like OAuth.
Developing SharePoint 2013 apps with Visual Studio 2012 - SharePoint Connecti... (Bram de Jager)
The new SharePoint App Model provides different ways of building apps. As a developer you have to choose between development techniques, hosting options and more. This session discusses the architecture, various types of apps, application identity and permissions, and how to build these different types of apps.
The session contains demos covering building SharePoint-hosted apps, implementing SharePoint 2013 chrome control, setting the right permissions, and more with Visual Studio 2012.
Developing SharePoint 2013 apps with Visual Studio 2012 - Microsoft TechDays ... (Bram de Jager)
The new SharePoint App Model provides different ways of building apps. As a developer you have to choose between development techniques, hosting options and more. This session discusses the architecture, various types of apps, application identity and permissions, and how to build these different types of apps. The session contains demos covering building SharePoint-hosted apps, implementing SharePoint 2013 chrome control, setting the right permissions, and more with Visual Studio 2012.
Developing hybrid SharePoint apps that run on-premise and in the cloud - Bram... (Bram de Jager)
Because the new SharePoint App model runs outside the SharePoint worker process, it introduces new authentication models. As a developer you don't want to build multiple versions of the same app implementing each authentication model separately. This session explains the differences between securing SharePoint apps with OAuth in Office 365 and S2S High Trust in on-premise deployments. You will learn how to build a single app that will run in on-premise, online and hybrid SharePoint environments.
One of the major changes in SharePoint 2013 is the introduction of apps. Apps for both SharePoint and Office provide a new model for developing, packaging and deploying custom solutions for SharePoint.
This brief presentation will introduce the main aspects of the apps model introduced by Microsoft to address custom features for SharePoint both on-premises and online.
This document summarizes a presentation about developing provider hosted SharePoint apps. It discusses:
1) What provider hosted apps are and how they are hosted outside of SharePoint and can be developed using any language.
2) The history of customizing SharePoint and how apps differ from past methods like farm solutions.
3) The options for hosting apps, including provider hosted, autohosted, and SharePoint hosted.
4) Considerations for providers like maintaining hosting costs and updating customers.
5) The development process including using Visual Studio and the app manifest to define permissions.
6) How to authenticate with OAuth and make calls to SharePoint using the client-side object model.
Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC... (Bram de Jager)
This document discusses developing hybrid SharePoint apps that can run both on-premise and in the cloud. It covers the new app model and authentication options for cloud, on-premise, and hybrid scenarios. The key aspects are using OAuth for cloud authentication, certificate-based trust for on-premise, and connecting on-premise farms to apps in the cloud for hybrid scenarios. Visual Studio 2013 tools simplify building single-codebase hybrid apps that work on-premise and in the cloud.
This session is for everybody who always wanted to know about SharePoint development, but didn’t have anyone to ask, or didn’t have the opportunity to try on their own. We’ll show how to start with SharePoint development, what API to use, when to use the client API, whether the server-side object model is deprecated, how to set up a development environment, and more tips & tricks which are not usually mentioned.
Building SharePoint 2013 Apps - Architecture, Authentication & Connectivity API (SharePointRadi)
This document provides an overview of building SharePoint 2013 apps, including their architecture, authentication, and connectivity APIs. It discusses the app infrastructure and how apps work, authentication models for apps, and the Connectivity API for accessing SharePoint data from apps. The presentation also covers server-side and client-side app hosting models, app shapes including full pages and parts, and the app manifest and package.
This document discusses SharePoint versions from 2007 to 2013 and describes two types of apps - SharePoint hosted apps, which store resources on the SharePoint server, and cloud hosted apps, which store resources remotely. It also shows how cloud hosted apps authenticate users through Windows Azure Access Control Service.
Understanding SharePoint Apps, authentication and authorization infrastructur... (SPC Adriatics)
This session will teach you everything that you need to know in order to understand SharePoint Apps, authentication and authorization. Learn about the different types of Apps, the underlying Apps architecture and how to configure an on-premises environment to support Apps. You will also learn about the different authentication options available for integrating apps, devices, and applications for on-prem scenarios, in the cloud and hybrid.
Develop, Build, Package and Deploy Office Add-ins with Visual Studio - ESPC 2015 (Bram de Jager)
Office Add-ins have been around for a while as VSTO packages, but things have changed with the introduction of Office 2013. A new App Model for Office provides add-ins that live both in the Office Desktop client and Office Online. Join this session to discover what Office Add-ins are, discover the latest changes and how to create them using standards-based technologies like HTML5, JavaScript and CSS3.
The session covers different types of Office Add-ins, like task pane and content add-ins for Word, Excel and PowerPoint, and mail add-ins for Outlook. We'll talk about how to develop, build, package and deploy Office Add-ins. Demos cover creating add-ins with Visual Studio and deploying them for availability in the store.
SPS Belgium 2015 - High-trust Apps for On-Premises Development (Edin Kapic)
This document summarizes the high-trust app model for on-premises SharePoint development. It discusses the differences between low-trust and high-trust app authentication, how high-trust apps use certificates instead of OAuth, and the prerequisites and mechanism for high-trust app authentication. It also covers some gotchas, using other authentication methods, technology stacks, extending the TokenHelper code, and provides examples of high-trust app projects and information sources.
Continuous Integration is a wonderful and popular practice in the software development universe. Yet, for whatever reason, it seems much less commonly utilized in the SharePoint community. SharePoint (naturally) throws a few wrinkles into the process, but no substantial roadblocks, and the benefits of CI can be realized just as well on SharePoint projects as anywhere else. In this session, you'll learn why you should implement a CI process and then see how to do it using TFS and Visual Studio.
Tutorial: Building Apps for SharePoint 2013 Inside and Outside of the Firewal... (SPTechCon)
This document provides an overview and agenda for a presentation on building apps for SharePoint 2013 both inside and outside the firewall. The presentation covers the SharePoint app model, app identity, authentication, authorization, OAuth, and client-side development. It also discusses SharePoint deployment options, the app architecture for SharePoint-hosted and cloud-hosted apps, creating app identities and permissions, and programming the client-side object model.
SharePoint 2013 introduces a new way to extend sites using apps that can be self-contained, cloud-hosted, or provider-hosted. There are three types of apps: full page apps that fill the entire page, app parts that surface in an iframe, and extension apps that extend the ribbon or menus. Apps can be SharePoint-hosted using only HTML/JavaScript, auto-hosted on Azure, or provider-hosted using custom infrastructure. Apps provide benefits like increased stability, easier maintenance, and quicker delivery, but have limitations around server-side code and customizing SharePoint features.
Introducing the new SharePoint 2013 app model (Jeremy Thake)
The document discusses the SharePoint 2013 app model and how it impacts and expands Azure development opportunities. It covers key topics like the app model, OAuth, the marketplace, getting started with apps, and using the Napa online app development tool. The app model introduces a new way of building and deploying solutions in SharePoint in a more packaged and reusable way compared to previous customization options. It also allows integration with external cloud services like Azure.
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal (NCCOMMS)
This document discusses Azure Active Directory B2B collaboration, which allows organizations to securely share resources and applications with external users. It provides an overview of Azure B2B capabilities, including inviting guest users via email, setting conditional access policies, and customizing the user onboarding experience. The document demonstrates configuring Azure B2B through the Azure portal and PowerShell, and compares external sharing options in Azure B2B and Office 365 applications like SharePoint.
O365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten (NCCOMMS)
The document summarizes an Office 365 & SharePoint Connect 2018 presentation by Thomas Vochten on hybrid features. It provides an overview of hybrid capabilities like OneDrive, profiles, sites, and search. It covers the architecture and setup process, including creating a server-to-server trust with Azure Access Control Services. It also discusses troubleshooting tips, like ensuring proper licensing and identity synchronization. Hybrid features require different prerequisites and have limitations compared to on-premises versions.
O365Con18 - Introduction to Azure Web Applications - Eric Shupps (NCCOMMS)
This document summarizes key aspects of developing multi-tenant applications for Office 365 and Azure Active Directory. It discusses topics such as the application model, security considerations, deployment options, and permissions and authentication methods. Challenges include a simplified authorization model tied to a single domain, lack of customization of the login experience, and incomplete development templates. The document provides guidance on configuration options, required permissions, and leveraging OAuth tokens and Azure AD for multi-tenant authentication.
Deep dive into SharePoint 2013 hosted apps - Chris OBrien (Chris O'Brien)
Covers key aspects of SharePoint 2013 apps, with a focus on SharePoint-hosted apps. Includes detail on app parts, using web parts within an app, configuring SSL, troubleshooting apps and possible reasons to move away from a SharePoint-hosted app to a cloud app. Also covers "high-privilege" apps which provision to the host web.
This document provides an agenda for an Office Camp module on hooking Android apps into Office 365, SharePoint, and other Microsoft APIs. The agenda includes modules on setting up development environments, connecting to apps for SharePoint, Office 365 APIs, Apps for Office, and SharePoint APIs from Android. It also provides code samples and documentation for using the Azure Active Directory authentication library and Office 365 SDK for Android to authenticate users and make API calls to SharePoint and Office 365 from an Android app.
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G... (NCCOMMS)
This document discusses Microsoft Graph and how it provides a unified REST API for accessing data and intelligence from Microsoft services like Office 365. It defines what a graph is, describes the benefits of Microsoft Graph over individual service APIs, demonstrates how to make requests to the Graph API via REST calls and language-specific SDKs, and provides resources for further information.
This document discusses authentication strategies for native mobile applications. It recommends using OAuth 2.0 with an authorization code grant to obtain access tokens securely without embedding credentials in the app. The key steps are: 1) opening a browser to request authorization; 2) handling the callback to exchange the authorization code for an access token; and 3) using the token to access APIs securely on behalf of the user. Authentication can leverage single sign-on or stored user identities.
This document discusses building provider-hosted apps that can access on-premise SharePoint 2013 data. It covers introducing apps and authentication, creating a basic out-of-the-box app, configuring an on-premise environment for apps including setting up certificates and trusts, and building an app that accesses SharePoint data on-premise using the Client Object Model. Demo sections walk through creating an app, setting up the environment, and adding code to retrieve and modify list data.
Speaker: Dragan Panjkov
In this session we will speak about SharePoint apps, a new approach to development in the new SharePoint. We will explain the rationale behind Apps, basic concepts and various hosting options. We will also show you how to build your first app for SharePoint 2013.
The document discusses various capabilities that SharePoint add-ins can leverage, including automating business processes using workflow manager, communicating and collaborating using sites and social features, making search more relevant, accessing external data, and identity and security using OAuth authentication. It provides details on configuring authentication using server-to-server trust with an SSL certificate to enable calls between a client app and SharePoint without involving Azure Access Control.
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi... (Eric Shupps)
This document discusses OAuth authentication in SharePoint 2013. It provides an overview of OAuth and how it manages identity and handles requests for trusted identity claims. It also covers how OAuth is used for on-premise apps and cloud apps to authorize access between servers, farms, and apps. The document includes an agenda that outlines key concepts like security token services, access tokens, realms, certificates and metadata configuration needed to implement OAuth authentication.
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or... (Brian Campbell)
This document provides an overview of OAuth 2.0 and how it can be used to securely authorize access to APIs from mobile applications. It begins with an introduction to OAuth and discusses how it addresses issues with directly sharing passwords between applications. The document then outlines the basic OAuth flow, including key concepts like access tokens, authorization codes, and refresh tokens. It provides code snippets demonstrating an example OAuth flow for both Android and iOS, showing the HTTP requests and responses at each step.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013. (Eric Shupps)
The new SharePoint 2013 App model extends native SharePoint applications into the cloud, allowing developers to write applications that interact with SharePoint data remotely. With these new capabilities come additional challenges for managing security and user authorization via OAuth. Administrators, IT professionals, and developers should attend this session to familiarize themselves with the core concepts behind OAuth in SharePoint 2013, learn how best to configure and manage OAuth in their environment, and discover how OAuth is used in the SharePoint app model.
This document discusses securing SharePoint apps using OAuth authentication. It provides an overview of app authentication in SharePoint 2013, including the use of OAuth and app principals. The key points covered are:
- SharePoint 2013 supports app authentication using OAuth or on-premise using security token service.
- Apps are assigned a principal that is used to manage app permissions separately from user permissions.
- The OAuth workflow involves apps obtaining access tokens from Azure Access Control Service to make calls to SharePoint on behalf of users.
- App principals must be registered both with SharePoint and ACS, and include a client ID, client secret, and redirect URL.
(Almost) All About Apps for SharePoint 2013Dragan Panjkov
This slide deck is presented on Microsoft TechNet Day 2012, organized in Bosnia and Herzegovina. Main goal of this presentation is to introduce new SharePoint Apps to end users, developers and administrators.
Identity and Access (AD), Azure and Office 365: Building a Single Page Application (SPA) with ASP.NET Web API and Angular.js using Azure Active Directory to Log in Users
Spsbe15 high-trust apps for on-premises developmentBIWUG
This document summarizes the high-trust app model for on-premises SharePoint development. It discusses the differences between low-trust and high-trust app authentication, how high-trust apps use certificates instead of OAuth, and the prerequisites and mechanism for high-trust app authentication. It also covers some gotchas, using other authentication methods, technology stacks, extending the TokenHelper code, and provides examples of high-trust app projects and resources.
Shailen Sukul is a senior SharePoint architect who works with latest web technologies and SharePoint. He specializes in SharePoint installation, configuration, development and training. In his personal projects he prefers AWS and ASP.Net MVC. He maintains several open source SharePoint projects on CodePlex. You can follow him on Twitter or check out his blog for more information.
Biwug slideDesk first session 26/11/2013
This session is about an intro into the Apps model. There is much more to think about than just select what kind of type of app that you want to create.
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
This document provides information about Danny Jessee, a senior software engineer with 8 years of SharePoint development experience. It includes his credentials, contact information, and topics he can present on, such as features of secure applications, SharePoint 2010 authentication options, claims terminology and technology overview. It also lists some demos he can provide, including setting up a new SharePoint 2010 web application, integrating Facebook authentication using Azure AppFabric ACS, and further integrating Facebook data into SharePoint using the Facebook C# SDK.
Leveraging the azure cloud for your mobile appsMarcel de Vries
1) Mobile apps need data services to function but hosting your own services is difficult to scale as user bases grow rapidly. The cloud addresses this by allowing services to scale easily on a pay-as-you-go model.
2) Azure makes it simple to build and host mobile backend services using familiar web technologies like ASP.NET, WCF, and SQL. This avoids the complexity and costs of managing your own server infrastructure.
3) Securing mobile apps and services is important. Azure Access Control Service (ACS) allows apps to authenticate users via common identity providers like LiveID, Google, Facebook without having to integrate directly with each provider.
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...NCCOMMS
This document provides an overview of identity and authentication in SharePoint 2013 and Office 365. It begins with a primer on authentication and authorization concepts. It then covers Windows authentication, trusted claims providers, service delegation between servers, and authorization for apps. It discusses the various identity management options for integrating on-premises Active Directory with Office 365 through options like online IDs, directory synchronization, and federation.
SharePoint 2013 - What's new for Devs - Belgian IT Bootcamp 2012Joris Poelmans
SharePoint 2013 introduces a new app model that allows developers to build standalone apps that can be deployed in SharePoint. There are three types of apps: SharePoint-hosted apps, which are contained within a SharePoint site; provider-hosted apps, which reside outside of SharePoint but integrate with it; and auto-hosted Azure apps, which are hosted and provisioned automatically in Windows Azure. The new app model provides developers with increased flexibility and the ability to leverage existing web development skills.
Similar to Building Apps for SharePoint 2013 by Andrew Connell - SPTechCon (20)
Deep Dive into the Content Query Web Part by Christina Wheeler - SPTechConSPTechCon
Christina Wheeler gave a presentation on the Content Query Web Part (CQWP) in SharePoint. The CQWP aggregates content from lists and libraries to display on pages. It allows filtering, adding columns, and custom styling. New features in SharePoint 2010 include dynamic filters based on page fields and passing additional fields to the XSLT for rendering. The presentation covered building queries, controlling presentation, and resources for working with CAML.
NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...SPTechCon
This document discusses SharePoint and why it can be difficult to understand. It begins by explaining that there is a lot of information available about SharePoint but it is conflicting and noisy, making it hard to know where to start. It also notes that SharePoint requires changing how people work. The document then defines SharePoint as a collaboration and organization platform that can be customized. It provides tips to avoid SharePoint pain, such as not expecting clear error messages. Finally, it emphasizes the importance of joining the SharePoint community to learn from others.
“Managing Up” in Difficult Situations by Bill English - SPTechConSPTechCon
Managing yourself well is key to managing up successfully. This involves having strong core values, integrity, and boundaries. Having integrity means acting courageously according to reality. Focus on being competent in your work, building alliances, and having strong character. Maintain boundaries by controlling what you can - yourself - and setting limits. Communicate clearly with your manager and embrace problems, working to resolve them while building support from others. Your values and purpose should guide you, not just your current job.
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...SPTechCon
This document provides information about Todd Klindt and Shane Young, who are hosting a presentation on SharePoint topologies and hardware requirements. It introduces Todd as a long-time MVP who writes a blog and runs a company website. Shane is also introduced as an MVP, consultant, and writer. The agenda lists topics on SharePoint topologies, the three-tier farm model, scaling search, and production/development hardware requirements. Links are provided to Microsoft documentation and Rackspace websites for further information.
Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...SPTechCon
This document contains biographies and contact information for Todd Klindt and Shane Young, who are speaking about installing SharePoint 2013. It provides details on Todd, including that he has been an MVP since 2006, writes a blog and book, and does consulting. For Shane it lists his role at SharePoint911 and as an MVP. The document then discusses stages of a SharePoint install including prerequisites, patches, setup, and service accounts needed. It also provides links to additional resources on installation topics.
Microsoft Keynote by Richard Riley - SPTechConSPTechCon
The document discusses a consistent and manageable app model for the future. It suggests opening up an app model that can be relied upon across today, tomorrow and into the future. The app model should provide stability and usability over time.
Ten Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechConSPTechCon
1. Document Sets - Allow you to group multiple documents together and apply metadata and rules to the entire set. This enables managing work products containing several documents as a single deliverable.
2. Site Directory - Provides a centralized place to search and browse all sites in the farm in a hierarchical manner. This improves navigation and information discovery across sites.
3. Business Connectivity Services - Allows integrating SharePoint with line-of-business systems like SAP or Oracle using external content types. Users can then access and work with external data as if it were native SharePoint lists and libraries.
Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...SPTechCon
Christian Buckley gave a presentation on how metadata strategy impacts everything done in SharePoint. He discussed what metadata is, why taxonomy matters, the taxonomy component in SharePoint, and what it means to manage metadata. Effective metadata and taxonomy management is critical to driving search, social features, eDiscovery and automation in SharePoint. Governance is also important to help organize, optimize and manage systems and resources.
Law & Order: Content Governance Strategies by Chrisitan Buckley - SPTechConSPTechCon
The document profiles Christian Buckley, the Director of Product Evangelism at Axceler, who has experience working at Microsoft on the Managed Services team and as a consultant, as well as co-founding and selling a software company. It provides information on Buckley's books and social media profiles. The document also describes Axceler's mission of enabling enterprises to simplify, optimize and secure collaborative platforms like SharePoint through administration and migration software.
What IS SharePoint Development? by Mark Rackley - SPTechConSPTechCon
This document provides an overview of SharePoint development. It defines development as bringing something to a more advanced stage through elaboration or working out details. The document outlines different methods of SharePoint development including out of the box, SharePoint Designer, JavaScript/jQuery, PowerShell, and Visual Studio/.NET. For each method it describes what it is, benefits, disadvantages, and skills needed. It provides a comparison of the development options and emphasizes that the right development approach depends on the specific needs and environment.
The SharePoint and jQuery Guide by Mark Rackley - SPTechConSPTechCon
This document provides a summary of a presentation on using jQuery with SharePoint. It discusses:
- Why use jQuery with SharePoint to improve visuals, usability and rapid deployment of modifications.
- The basics of jQuery and how it can interact with SharePoint lists and forms through the client-side object model or SPServices.
- Best practices for deploying jQuery files and debugging jQuery code in SharePoint.
- Examples of using jQuery to read list items, interact with forms, and search the DOM.
The presentation concluded with a demonstration of integrating Bing Maps with SharePoint using jQuery.
Understanding and Implementing Governance for SharePoint 2010 by Bill English...SPTechCon
Governance involves a set of relationships and control mechanisms that balance competing interests between stakeholders to attain organizational goals. It connects risk, which stems from self-interested behavior, to compliance with standards and regulations. Most governance implementations that fail do so due to a lack of identified risks and compliance demands. SharePoint implementations can surface gaps in an organization's business model or culture if governance is not properly established.
Integrate External Data with the Business Connectivity Services by Tom Resing...SPTechCon
Tom Resing presents on integrating external data into SharePoint using Business Connectivity Services (BCS). BCS allows connecting to external systems and presenting the data in SharePoint as lists and columns. The presentation demonstrates creating an external content type to represent data from an external system and then consuming that content type to display external data in SharePoint lists and libraries. It also summarizes new features for BCS in SharePoint 2013, including performance improvements for external lists and the ability to export external list data to Excel.
Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...SPTechCon
This document discusses converting from an email culture to using SharePoint. It notes that while email usage remains high, social media says email is dead. Email acts as an addiction for many due to expectations of rapid responses. Barriers to adopting SharePoint include lack of training and resources. Changing culture requires creating urgency, forming coalitions for change, and removing obstacles to build a new corporate culture anchored in SharePoint rather than email.
Tutorial: Best Practices for Building a Records-Management Deployment in Shar...SPTechCon
The document discusses building a records management system in SharePoint 2010. It covers understanding your business needs, conducting an ECM assessment, defining what constitutes a record, building a records architecture, and key decision points when building a records management system in SharePoint. The presentation is delivered by Bill English, a SharePoint MVP, consultant, and conference speaker based in Minnesota.
Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...SPTechCon
This document discusses using InfoPath and workflows to build business solutions in SharePoint. It covers topics like choosing between InfoPath forms and list forms, requirements gathering, different types of workflows, and the user experience. The presenter provides an agenda and overviews of concepts like forms, data connections, rules, and workflow types before demonstrating specific features and examples.
Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...SPTechCon
The document discusses how to create simple dashboards in SharePoint using out-of-the-box web parts. It provides an overview of the different types of web parts that can be used to build dashboards, including list, library, functional and Excel web parts. It also provides a step-by-step process for building a sample project dashboard that includes creating lists, adding lookups between lists, custom views, adding web parts to a page and configuring web part connections. The document concludes with a demonstration of dashboard creation.
Sponsored Session: Better Document Management Using SharePoint by Roland Simo...SPTechCon
1. The document discusses better document management in SharePoint using content types, metadata, and workflows.
2. Key steps include creating content types, associating metadata and columns to content types, enabling content types in libraries, and associating workflows with content types.
3. The Kodak Info Activate solution allows easy onboarding of documents through predefined jobs that enforce metadata and routing rules.
Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...SPTechCon
The document discusses a presentation about Bottomline Technologies' Transform Filer product. Transform Filer allows users to index, store, and retrieve content from any source application into SharePoint with one-click. It addresses common content management challenges like siloed content and inefficient searching. The product was implemented by a government organization to easily integrate content from their JDE E1 and SharePoint platforms, reducing documentation processing time by 30%.
Creating a Great User Experience in SharePoint by Marc Anderson - SPTechConSPTechCon
This document contains various snippets of information on topics related to Microsoft SharePoint, including barriers to adoption such as mobile, social and cloud; the ratio of form to function in products; affective human-computer interaction; and instant gratification online. It also includes references to a study on user patience and provides contact information for SharePoint services and resources.
Creating a Great User Experience in SharePoint by Marc Anderson - SPTechCon
Building Apps for SharePoint 2013 by Andrew Connell - SPTechCon
1. Building Apps for SharePoint 2013
Andrew Connell
MVP, SharePoint Server
www.AndrewConnell.com @AndrewConnell
2. Andrew Connell
www.AndrewConnell.com
me@AndrewConnell.com
@andrewconnell
www.CriticalPathTraining.com
www.Pluralsight.com
3. Agenda
SharePoint App Model
App Model Shapes
App Identity
Authentication
Authorization
OAuth
4. SharePoint 2013 Deployment Options
On-Premises (aka: on-prem / behind firewall)
• Installed 100% on company servers
• Access to 100% of SharePoint’s features & capabilities
Hosted (aka: Office 365 / SharePoint Online)
• Installed 100% and managed in the cloud
• Most common context: Office 365 / SharePoint Online
• Some features not available in the cloud
5. Overview of the SharePoint App Model
SharePoint app model based on these assumptions
Apps supported in Office 365 and in on-premises farms
App code never runs in SharePoint host environment
Apps talk to SharePoint using Web service entry points
App code is authenticated and has established identity
App has permissions independent of user permissions
Apps deployed to catalogs using a publishing scheme
Published apps are easier to find, install and upgrade
6. App Installation Scopes
Site-Scoped Installation
App is installed in a specific site
App is launched from same site
This site is known as host web
Tenancy-Scoped Installation
App installed > app catalog site
App available many host webs
Host webs access one app instance
Centralizes app management
7. SharePoint App Architecture
SharePoint-Hosted Apps
App resources added to SharePoint host
Stored in child site known as app web
App can have client-side code
App cannot have server-side code
Cloud-Hosted Apps
App resources deployed on remote server
Remote site known as remote web
App can have client-side code
App can have server-side code
9. App Web
App web is created during app installation
App web created as child to site where app is installed
SharePoint-Hosted apps must create app web
App must add start page and related resources
App can add other SharePoint elements (e.g. lists)
Cloud-Hosted apps can create app web
Most cloud-hosted apps will not create an app web
Cloud-hosted app can create app web if needed
11. App Shapes
What SharePoint Tells you…
SharePoint-Hosted Apps
Cloud-Hosted Apps
What Visual Studio Forces You to Select…
SharePoint-Hosted App
Provider-Hosted App
Auto-Hosted App
12. App Shapes – What It Really Is
SharePoint-Hosted Apps
Everything resides in SharePoint
All Other Types
Majority resides external to SharePoint (IIS, Azure, etc.)
By default, don’t trigger creation of AppWeb…
Unless they include SharePoint artifacts
Auto-Hosted Apps
SharePoint handles deployment of external assets
Azure Web Site
SQL Azure Database
14. Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013
User authentication stays the same with standard sites
In calls to app web, app authentication occurs internally
Internal authentication occurs in calls to app web
External authentication used for calls from remote web
Call context can contain both user and app identity
Requirements for establishing app identity
Host web application must be claims-based
Incoming calls must target CSOM/REST endpoints
Supported CSOM/REST endpoints not extensible
15. User vs. App Authentication Flow
[Diagram: the web servers of a SharePoint farm receive a call from a user carrying a SAML token and a call from an app carrying an OAuth token.]
16. SharePoint 2013 Authentication Flow
[Flowchart, from "start authentication" to "end authentication". Decision points: SAML token? / request to app web? / OAuth token? / CSOM/REST endpoint? / user info in token? Outcomes: set up call context with user identity; set up call context with user identity and app identity; set up call context with app identity; set up call context with no identity (anonymous access).]
17. Provider-Hosted Apps & App Identity
• Apps can obtain an identity using one of two methods:
OAuth (via Azure ACS)
High-Trust (via S2S Trust & certificates)
18. OAuth 2.0 Primer
What is OAuth?
Internet protocol for creating and managing app identity
A cross-platform mechanism for authenticating apps
Internet standard used by Facebook, Google and Twitter
SharePoint 2013 uses OAuth to establish app identity
SharePoint integration with OAuth based on Azure ACS
OAuth authentication used in Office 365 but not on-premises farms
19. Windows Azure ACS
Windows Azure Access Control Service (ACS)
Required to use OAuth with SharePoint 2013
ACS server acts as authentication server
ACS server must be trusted by content server
ACS server must be trusted by client app
How is ACS configured as authentication server?
It's configured automatically in Office 365 tenancies
Not supported in on-prem farms in SharePoint 2013
20. What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint
Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
21. Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app?
Expose an endpoint to SharePoint to discover service metadata
Authenticate the user (can use Windows Auth, FBA, etc.)
Create security tokens to send to SharePoint server
Details of creating the S2S security token
S2S token like OAuth token but differs from OAuth specification
Security token must contain app identity
Security token can optionally include user identity
Security token must be signed using certificate’s private key
22. OAuth & S2S Trusts
OAuth Enabled Apps
Before deployment to the marketplace, app must be registered with Azure ACS
Apps obtain their identity / token from Azure ACS
When calling SharePoint, app includes OAuth token
SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S
Before deployment, app must be registered with SharePoint
Developer registers a certificate with SharePoint & associates app with certificate
App creates token using private key of certificate
SharePoint trusts this token because it was signed with the private key
23. What You Might Not Be Aware Of: #1
OAuth is only supported in Office 365
No support in On-Prem deployments at RTM
Why?
Possible update to this story after RTM
Extra steps?
Hotfix?
Cumulative Update?
Service Pack?
Next Version?
24. Creating Apps with Identities & Permissions
25. What You Might Not Be Aware Of: #2
Office 365 Azure != Windows Azure
Office 365 Azure
• “Private Cloud”
• Azure Web Sites
• SQL Azure DBs
• Access Control Service
Windows Azure
• www.azure.com
• Cloud services
• Web Sites
• Virtual Machines
• Storage (blob / queue / table)
• Service Bus
• SQL Azure
• Access Control Service
• …
26. The Sandbox Isn’t Dead
Where you build sandbox solutions, try to replace them with SharePoint Apps
There are many scenarios where Apps can’t replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember, they are deprecated, not dead!
27. App Model Parting Thoughts
SharePoint ALM has always been hard
.NET ALM > SharePoint ALM
More tools, more mature, more documentation & support
No longer limited to what SharePoint supports
Latest version of the .NET Framework
New “toys” (MVC, Entity Framework, etc)
Not limited to any technology stack / infrastructure
Working with service layer vs. server side API
More community tools & libraries to choose from
Can follow more “standards”
Don’t have to scale SharePoint, can now just scale the app
28. Questions? Want to Learn More?
www.CriticalPathTraining.com
Hands-On & Virtual Training
SharePoint Courses for Everyone
SharePoint 2007, 2010 & 2013
Developers, Administrators & End Users
Get Training How You Like it
Hands-On (classroom with hands-on labs)
Online (live webcast with take-away labs)
Private Classes Available for Large Groups
www.Pluralsight.com
On-Demand Training
SharePoint Courses for Everyone
SharePoint 2007, 2010 & 2013
Developers, Administrators & End Users
Individual, Small Business & Enterprise Plans
Monthly or Annual Subscriptions
Watch Online & Offline
Subscribers Have Access to Entire Catalog
Editor's Notes
You should understand how authentication flow works in SharePoint 2013. In a regular site (one that is not an app web), user authentication is essentially unchanged from SharePoint 2010. However, calls to app webs are authenticated with both user identity and app identity. When an app is running remotely, the app passes a security token to the SharePoint Web server to establish its identity. When an app creates a security token to send to a SharePoint Web server, it usually also includes the identity of the current user. However, it is also possible for an app to create a security token that is app-only, which means it does not contain information about a specific user. Keep in mind that there are a few requirements for authenticating SharePoint app identity. First, the hosting Web Application must be a claims-based Web Application. Also, incoming calls must target CSOM/REST endpoints, as you will see in the next slide. Note that the supported CSOM/REST endpoints cannot be extended with custom Web services in SharePoint 2013. You can only authenticate an app using CSOM/REST entry points that ship with SharePoint 2013.
When SharePoint 2013 begins to authenticate an incoming request, it first looks to see if the incoming request contains a SAML token with a user identity. If the SharePoint 2013 authentication pipeline finds a SAML token, it can then assume that the incoming request was initiated by a user and not an app. Once it finds a SAML token, SharePoint 2013 then inspects the target URL of the incoming request to see whether it references a standard SharePoint site or a child site associated with a specific app (i.e. an AppWeb). If the incoming request targets a standard site, SharePoint 2013 conducts its authentication and authorization identically to how things worked in SharePoint 2010. If the incoming request targets an AppWeb, SharePoint 2013 initializes the call context with both a user identity and an app identity. When an incoming request does not contain a SAML token, SharePoint 2013 knows that a user did not initiate the request. In this scenario, the SharePoint 2013 authentication pipeline inspects the incoming request to see if it contains a security token identifying a provider-hosted app. The security token for an app can be created using OAuth when Office 365 and ACS are involved. If the security token for an app was created in a server-to-server (S2S) configuration, it will be similar to but slightly different from a valid OAuth token. Once SharePoint 2013 finds a security token identifying an app, it sets up call context with the app identity and optionally the user identity as well.
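The decision sequence described in the note above, written out as an added example (not code from the presentation or from SharePoint). The `Request` fields and the sample URLs are constructed for illustration, and treating an app token sent to a non-CSOM/REST endpoint as anonymous is this example's reading of the slide 16 flowchart.

```python
from dataclasses import dataclass
from enum import Enum


class CallContext(Enum):
    """The four outcomes named on the slide 16 flowchart."""
    USER = "user identity"
    USER_AND_APP = "user identity and app identity"
    APP_ONLY = "app identity"
    ANONYMOUS = "no identity (anonymous access)"


@dataclass(frozen=True)
class Request:
    """Constructed model of the facts the pipeline inspects (hypothetical names)."""
    url: str
    has_saml_token: bool = False     # request was initiated by a user
    targets_app_web: bool = False    # target URL is an app's child site (AppWeb)
    has_app_token: bool = False      # OAuth (ACS) or S2S security token present
    targets_csom_rest: bool = False  # call goes to a built-in CSOM/REST entry point
    token_has_user: bool = False     # app token also carries a user identity


def resolve_call_context(req: Request) -> CallContext:
    """Apply the checks in the order the notes give them."""
    # 1. A SAML token means a user, not an app, initiated the request.
    if req.has_saml_token:
        # An AppWeb target adds the app identity; a standard site does not.
        return CallContext.USER_AND_APP if req.targets_app_web else CallContext.USER

    # 2. No SAML token: app identity is only established for an app token
    #    presented to a supported CSOM/REST endpoint.
    if req.has_app_token and req.targets_csom_rest:
        # User identity inside the token is optional (app-only tokens exist).
        return CallContext.USER_AND_APP if req.token_has_user else CallContext.APP_ONLY

    # 3. Nothing usable was presented.
    return CallContext.ANONYMOUS


def review_findings(requests):
    """Return (url, note) pairs for the two cases worth a second look in review."""
    findings = []
    for req in requests:
        ctx = resolve_call_context(req)
        if ctx is CallContext.APP_ONLY:
            findings.append((req.url, "app-only token: call carries no user identity"))
        elif req.has_app_token and not req.has_saml_token and ctx is CallContext.ANONYMOUS:
            findings.append((req.url, "app token on non-CSOM/REST endpoint: app identity not established"))
    return findings


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    Request("https://intranet.example/sites/hr/default.aspx", has_saml_token=True),
    Request("https://app-web.example/hr/TimeOff/start.aspx",
            has_saml_token=True, targets_app_web=True),
    Request("https://intranet.example/sites/hr/rest-endpoint",
            has_app_token=True, targets_csom_rest=True, token_has_user=True),
    Request("https://intranet.example/sites/hr/rest-endpoint",
            has_app_token=True, targets_csom_rest=True),
    Request("https://intranet.example/sites/hr/custom-service",
            has_app_token=True),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(f"{r.url:55} -> {resolve_call_context(r).value}")
    for url, note in review_findings(SAMPLE_REQUESTS):
        print("REVIEW:", url, "-", note)
```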
OAuth is an Internet security protocol for authenticating apps and authorizing them to access content on behalf of a specific user. Microsoft selected OAuth for app authentication with SharePoint 2013 because it provides a cross-platform mechanism for authenticating and authorizing apps. It is also noteworthy that the OAuth protocol is an increasingly popular Internet standard which is already used by sites that support apps such as Facebook, Google and Twitter. Note that these sites and SharePoint 2013 use OAuth version 2.0, which is significantly different from OAuth version 1.0. The OAuth protocol allows SharePoint 2013 to authenticate a cloud-hosted app which is calling to a SharePoint site from across the network and to establish an identity for the app in the calling context. This makes it possible for SharePoint to manage permissions and enforce access control for apps separately from users. Note that the OAuth protocol has provisions to track app permissions in addition to app identity. However, SharePoint 2013 uses OAuth only to authenticate apps and establish app identity. SharePoint 2013 does not leverage the OAuth protocol in any way to track or pass permissions. Instead, SharePoint tracks all app permissions in its own internal databases.
Windows Azure Access Control Service (ACS) is a requirement for using the OAuth protocol with SharePoint 2013. The ACS server acts as authentication server. The SharePoint servers acting as the content servers must be configured to trust the ACS server. The client app must also be written to trust the ACS server. When you are using sites in an Office 365 tenancy, there is no need to configure a trust to ACS. That's because Office 365 and each new tenancy are preconfigured with trusts to the ACS authentication server. However, the same configuration is not performed automatically for on-prem farms.
SharePoint 2013 makes it possible for Web servers in a SharePoint farm to respond and accept requests from a client app using a server-to-server (S2S) trust. This type of configuration can be used when deploying provider-hosted apps in a private network when it is beneficial to avoid any dependencies on ACS or any other servers running across the Internet. That means that all the servers involved can run behind a single firewall and on the same local area network. An S2S trust represents a trusted connection between a client app running on a local app server and the Web servers in the SharePoint farm. Configuring the trust requires an SSL certificate which is based on the URL with the DNS name (e.g. https://appserver.wingtip.com) where the client app is located. The client app contains code which has access to the private key associated with the SSL certificate, and it uses this private key to sign security tokens. On the SharePoint Web Server, you must create a security token service which can use the public key to authenticate and decrypt these security tokens generated by the client app.
There are several responsibilities for the developer when creating an S2S app. First, you must deploy the Web project that contains the implementation of the client app itself. Next, the client app must be configured to perform its own user authentication. This can be done using any supported style of authentication, including Windows Integrated Authentication, Basic Authentication, FBA, etc. Finally, the client app must create its own security tokens and sign them with the private key associated with the SSL certificate. Note that the security token created by a client app in the S2S trust scenario is like an OAuth token, but it differs from the OAuth specification in a few different ways. The security token created by a client app in an S2S trust must contain information that indicates the app identity. The security token created by a client app in an S2S trust usually contains information about the identity of the current user; however, this is not a requirement. Once the security token is created and contains the required information, it then must be signed with the private key before it is sent to SharePoint. This private key signing is what allows SharePoint to perform the authentication on calls originating from the client app.