deep dive into sharepoint 2013 hosted apps - chris obrien
DESCRIPTION
Covers key aspects of SharePoint 2013 apps, with a focus on SharePoint-hosted apps. Includes detail on app parts, using web parts within an app, configuring SSL, troubleshooting apps and possible reasons to move away from a SharePoint-hosted app to a cloud app. Also covers "high-privilege" apps which provision to the host web.TRANSCRIPT
Deep-dive into SharePoint-hosted apps
DEV 203
Chris O’Brien - MVP
About me
Independent ConsultantHead of Development, Content and Code
Blog: www.sharepointnutsandbolts.com Twitter: @ChrisO_Brien LinkedIn:
http://uk.linkedin.com/in/chrisobrienmvp
Why apps?
End-user familiarityPhones, Windows 8 etc.
Move server-side code off SharePoint ..which solves MANY problems for Microsoft
Game-changer for Office 365No more sandbox restrictions
Customizing SharePoint – official guidance
Microsoft:
The most important guidance we can give you is to develop an app for SharePoint rather than a classic solution whenever you can.
http://msdn.microsoft.com/en-us/library/jj163114(office.15).aspx
App hosting options
SharePoint-hostedJavaScript only
Cloud appProvider-hosted (YOU deal with hosting)
–IIS, PHP/LAMP, something else!
Auto-hosted (O365 + Azure)–E.g. automatically create database in SQL Azure
Hybrid app
=
combination
3 decisions to make on apps
Are we going to allow apps?Configuration, infrastructure, obtain wildcard SSL certificate etc.
Are we going to allow ANY app from the SharePoint Store to be installed?Or are we going to restrict to certain ‘approved’ apps via the
internal App Catalog?
Will our own customisations be developed as apps?
The SharePoint apps “enterprise planning loop”
DAY
1:
The SharePoint apps “enterprise planning loop”
DAY
2:
The SharePoint apps “enterprise planning loop”
DAY
3:
The SharePoint apps “enterprise planning loop”
DAY
4:
The SharePoint apps “enterprise planning loop”
DAY
5:
The SharePoint apps “enterprise planning loop”
DAY
6:
How users obtain apps
User-driven:
Public store (if enabled)
Internal “App Catalog” – admin-
approved apps
Administrator-driven:
Installed to selected sites via
PowerShell
“Tenant-install” – one shared
instance (not instance per site)
My app’s architecture
Ingredients of a nice 2013 “learning” app
Creates and uses some content types/lists/files in app web
Fetches some data from host web (with permission request)
Uses JSOM/REST
Provisions an app part for UX within host web
Consumes farm/tenant services e.g. search
(SharePoint-hosted)
Demo
CUSTOM SHAREPOINT-HOSTED APPS
Developing SharePoint-hosted apps
SharePoint 2013 client APIs
(for use in SharePoint-hosted apps)
Even though hosted on SP, app area is on an “isolated” domain (IIS web application)URL = https://cob-387fbe6473fd9e.spapps.dev/MyApp
–App prefix (configurable)–ID (generated on each install/upgrade)–App domain (should be a distinct domain)–App name
Effectively an IIS trick – content is in same site collection!Provides some security against XSS + allows identification of app
requests
How the app web works
Accessing Site Contents page (ViewLsts.aspx)
Accessing Site Settings page (Settings.aspx)
Accessing Features pages (Features.aspx?Scope=Site/Web)
Computer says no:
Yes:
•ListView web part
•XsltListView web part
•Content Search web part
•Search Core Results web part
•PageViewer web part
No:
•Content Query web part
•DataView web part
•..probably many others
Which web parts can I use in the app web?
App parts
App parts - gotchas
Need appropriate JS files referenced See Stephane Eskeyens post -
http://www.silver-it.com/node/126
No _spPageContextInfo if code hosted in app part Be careful if you have code which uses it But do have access to SPAppWebUrl/SPHostUrl
Need <meta http-equiv=”X-UA-Compatible”.. element
Useful trick:
App part page
dynamically
resizing parent
iFrame (using
postMessage)
Apps which provision into the host web
..brand a SharePoint site?..provision files into a SharePoint site?..delete end-user data?
ANSWER: If it has the right permissions, yes (*)Full Control of Web = do anything
Host web considerations: can an app?
* Assumes that:
• User ALSO has appropriate
permissions
OR
• App uses “app-only” policy
(not SP-hosted app)
Office 365 submission policy – no Full Control
http://msdn.microsoft.com/en-us/library/jj938162.aspx
Demo
APPS WHICH PROVISION INTO THE HOST WEB
Other things
SPHostUrl bug – this URL param ‘lost’ when navigating around app web (causing code to fail)
Search bug – app with Permission Request for Search/QueryAsUserIgnoreAppPrincipal gives “Only tenant administrators can install this app” for on-premises installations
ALSO: can now run multiple app domains with reverse proxy/AAM
Bugs fixed in March 2013 update (all undocumented!)
Microsoft:
Secure Sockets Layer (SSL) is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication.
http://technet.microsoft.com/en-us/library/ee806885(v=office.15).aspx
Apps and SSL
So do it in dev too!
Configuring SSL in dev
Pre-reqs: DNS - entries created (wildcard for apps, unique IP for apps WA) IIS - ensure apps WA uses ‘All Unassigned’
Use SELFSSL to generate certs Sites (wildcard = *.cob.dev, or individual) Apps (wildcard = *.spapps.dev)
Export as .pfx then import (SELFSSL bug)Re-bind certs in IISIISReset!
Continuous Integration for apps
Microsoft have released PS scripts See http://officesharepointci.codeplex.com Works with on-premises or Office 365 Uses PS + .NET CSOM to install app
Support for: SharePoint-hosted apps Provider-hosted apps (via WebDeploy)
Can be used with visualstudio.com (TFS online)
Can I use navigation controls/providers? Unlikely. Providers have context of host web, not app
web. Static links likely to be better
WebDAV is disabled for appsSP-hosted apps currently cannot be used on SAML
claims sites
Other notes:
Some beginner issues
1. Error occurred in deployment step 'Install app for SharePoint': Sideloading of apps is not enabled on this site
You tried to “F5 deploy” to a site not based on Developer Site template OR sideloading Feature is not activated
2. JavaScript runtime error: 'Type' is undefined JavaScript dependency issue – MicrosoftAjax.js needs to be earlier!
3. App part difficulties (e.g. JavaScript errors) Need correct JS references – see http://www.silver-it.com/node/126 Need AllowFraming tag and <meta http-equiv..tags No _spPageContextInfo
Troubleshooting apps
Advanced topics
1. Updatability – CSS/JS/images are difficult to update across app instances (OR SANDBOX!)
ANSWER: Use Azure (or internally hosted location) to centralise
2. Architecture – should I deploy to the host web? ANSWER :
–Maybe, if the app is trusted–But what is the app framework giving you over a sandbox/farm solution?
Designing SharePoint-hosted apps
Possible reasons for cloud app
Need to go beyond JavaScript to develop functionality E.g. service layer E.g. use of back-end non-
SharePoint data
Needs Remote Event Receivers (app installed, app upgraded etc.)
Needs scheduled process
On-prem SharePoint sites using SAML claims
You don’t want to develop entire app in JavaScript OR, you want to
leverage .Net/PHP/whatever skills
Thank you for attending!
www.sharepointnutsandbolts.com
@ChrisO_Brien