Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Updating Legacy SharePoint Customizations to the Add-in Model
1.
2.
3. SharePoint add-in model
Legacy SharePoint customizations
Add-in model techniques
Updating UI and declarative customizations
Using the PnP Provisioning Engine
Updating timer job customizations
“Preferred modern approach” to development
4. Who here is a…
Developer?
System administrator?
Power user?
Others?
Have you heard of the SharePoint add-in model?
Maybe you know it as the app model?
What about the SharePoint client object model?
What version(s) of SharePoint?
5.
6. Many SharePoint customizations built before
SharePoint 2013 were deployed using:
Farm solutions (2007+)
Sandboxed solutions (2010)
Shortcomings of solutions
Full-trust code runs in the same process as SharePoint
Server file system footprint
Requires an app pool reset to deploy updates
Sandboxed solutions were severely constrained
7. Components hosted in isolated
add-in domain
Can use JavaScript, HTML, CSS,
declarative markup
No server-side code
8. Add-in components can be hosted
anywhere (cloud or on-premises)
Authorized using OAuth or the
JavaScript cross-domain library
Can use ANY implementation
language (ASP.NET, PHP, etc.)
9. The add-in model is a no-brainer for most new
development efforts
SharePoint Framework is NOT related to the add-in model
SharePoint Framework is complementary to the add-in model
What about all of our legacy customizations?
10.
11. Most legacy customizations fall into one of the
following categories:
User interface customizations
Custom master pages, branding, web parts
Declarative customizations
XML for custom site columns, content types, list instances
Timer job customizations
If you had to migrate to the cloud tomorrow,
where would you start?
12. Get a list of deployed solutions (farm and
sandboxed)
Using the UI or PowerShell
Map deployed code to functionality
Is anything no longer needed?
Determine if any no-code sandboxed solutions can be deployed to
SharePoint Online
Categorize customizations by type
13.
14.
15. Build and deploy add-ins using the add-in model
Add-in model techniques
Supported on-premises and in SharePoint Online
No magic bullet, lots of rework may be required
16. Getting away from legacy feature framework
Remote provisioning of assets
Making customizations with a “lighter touch”
When necessary, running custom server-side code
outside of SharePoint
17. Started by Microsoft in 2013
Improve developer productivity
PnP Core Component
CSOM extension methods
PowerShell cmdlets
Provisioning engine
Timer job framework
https://github.com/sharepoint/pnp
18.
19.
20. “Make SharePoint not look like SharePoint”
Use corporate logo and branding
Edit existing .master page or start from scratch
Minimal.master popular starting point
Issues with upgrades
SharePoint Online
Supported, NOT recommended
21.
22. “Change the appearance of these things”
DOM manipulation
Styling things
Hiding things
Embedded within pages
Master page <head> section
Content editor/script editor web parts
Overwriting out-of-the-box CSS files
23. “Lighter touch” UI customizations
Including themes and composed looks
Externalize CSS and JavaScript customizations
Remote provision these files where necessary
Reference using Alternate CSS URL
CustomAction script registrations
24.
25. Most common UI customization
Easy to build in Visual Studio
Design view removed from SharePoint Designer
No more Data View web parts or conditional formatting
Add-in parts not ideal
Loaded in <iframe>
Not responsive
26. App script parts
Reference external JavaScript
Define container <div> where content is loaded
Include in Content property of .webpart file
Remote provision to site web part gallery
SharePoint Framework
27.
28.
29. XML to define artifacts
Site columns
Content types
List definitions and instances
Visual Studio can generate
Elements.xml files
.NET code not required
Often deployed via sandboxed solutions
30. Sandboxed solutions include a DLL file in the
generated .wsp by default
Must be removed to deploy to SharePoint Online
34. “Save site as template”
Captures customizations to a site
Site columns and content types
List instances and list items
Branding assets and other files
Requires PnP-PowerShell
https://github.com/sharepoint/pnp-powershell
35. Generate provisioning template
Get-PnPProvisioningTemplate
XML file can be modified by hand or programmatically
Save copies of additional files if necessary
Write once, apply everywhere
Apply-PnPProvisioningTemplate
Development, staging, pre-production, production…
36.
37.
38. Run autonomously on a schedule
Run with elevated permissions
Execute against multiple sites
Log information and errors
39. Remote timer job
Console application
Scheduled to run via:
Windows Task Scheduler
Azure WebJob/Azure Scheduler
40. Define a class that inherits from TimerJob
Execution logic in TimerJobRun event
Instantiate class, set up authentication in Main()
User or service account
Client ID and secret values (app-only authentication)
Define sites where timer job should run
Call Run()
41.
42. Add-in model is capable and powerful enough
to handle most legacy customizations
Apply all customizations with a “lighter touch”
Remote provision assets
SharePoint Developer PnP: here to help!
Keep an eye on SharePoint Framework
43. Updating Legacy SharePoint Customizations to
the Add-in Model
Tooling up for SharePoint Framework
Individuals and organizations start
for free at pluralsight.com