marat bakirov readify. 2 3 serverclient browser host web server host sharepoint & exchange...
TRANSCRIPT
Creating Sharepoint 2013 Apps in the cloud.Marat BakirovReadify
APT002
2
QuestionsWho has NOT seen Brian’s previous session?Who has ever created apps for Sharepoint 2013?Who has an Office 365 account and utilises it?Who has ever used JavaScript CSOM object model?.
3
Contents• What is a Sharepoint App? • Sharepoint Hosted App challenges• Cloud hosted apps• Recap
4ServerClient
Bro
wse
r Hos
t
What is app?
Web Server H
ost
Client-side LogicHTML / CSS / Javascript
Office JS SharePoint JS (CSOM)
SharePoint&
Exchange
Server-side LogicAny language
Office
Web
App
s
Win
RT
Mac
Mob
ile
Win
32
APPProvider-hosted
Oth
erE.
g. L
AMP
IIS /
ASP
.Net
Win
dow
sAzu
re
CSOM REST
On-premises
IE
Chr
ome
Fire
Fox
Safa
ri
Tier 1 Tier 2
OtherECMAScript 5
Online
SharePoint
SQL
Workflow
Autohosted
SQL
Web Sites
Clie
nt A
PIs Server
APIs
5
Manifest SharePoint
Office Store
SharePoint App Catalog
Web Browser
Anatomy of a Sharepoint Hosted app.
Javascript, REST, etc
6
Manifest SharePoint
Office Store
SharePoint App Catalog
Web Browser
Anatomy of a Cloud Hosted app.Web Server: Azure, IIS, LAMP, etc…
Server code in ASP.NET Client code for Sharepoint
7
App Hosting
Get remote events from SharePoint Use CSOM/REST + OAuth
Cloud-hosted apps
Provider-hosted App
“Bring your own server hosting infrastructure”
SharePoint
Web
Your Hosted
Site
Autohosted AppWindows Azure + SQL
Azure provisioned automatically as apps
are installed
Azure SharePoint Web
App Web (from WSP)
Hostweb
SharePoint-Hosted App
Reuse web elements (lists, out-of-box web parts)
Client side technologies
8
App Shapes for SharePoint
Full page
Implement complete app experiences to satisfy business scenarios
PartsCreate app parts that can interact with the SharePoint experience
UI Command extensionsAdd new commands to the ribbon and item menus
9
Contents• What is a Sharepoint App? • Sharepoint Hosted App Challenges• Cloud hosted apps• Recap
10
SharePoint component isolation1 app installation = 1 “app web”
App webs are isolated in their own domain:
Leverages web browser same-origin policy for script isolation
Host web
App web
https://contoso.sharepoint.com/site/
https://contoso-appUID.sharepoint.com/site/app/
JSOM & RESTJavaScript object model
var ctx = SP.ClientContext.get_current();ctx.load(ctx.get_web().get_title());ctx.executeQueryAsync();
REST/ODatahttp://contoso-appUID.spo.com/site/app/_api/web/Title
_api/web/lists_api/web/lists/getByTitle('Documents')
_api/social.feed/my/news_api/SP.UserProfiles.PeopleManager/getMyProperties()_api/search/query?Querytext='Marketing'
Same origin policy!• Oops!
Client context and cross site callsTo access artefacts outside of the appweb:1. Request permission to the scope you want
to access2. Make your CSOM request using the right
client context.
var ctx = new SP.ClientContext(appWebUrl);var appContextSite = new SP.AppContextSite(ctx, hostWebUrl);ctx.Load(appContextSite.get_web());
14
Sharepoint hosted app and what you can do with itMarat BakirovReadify
15
Contents• What is a Sharepoint App? • Sharepoint Hosted App Challenges• Cloud hosted apps• Recap
16
Why would we use cloud hosted app?• Server code in your way• ASP.NET, ASP.NET MVC, C#, PHP, Java, Ruby, etc.
• Privileges elevation• Your app code does something user cannot do
• Remote event receivers• App installing /deleting• elements, lists, webs, etc.
17
App PermissionsApp permissions are configured in the app manifestDevelopers specify the permissions the app needs to be able to run
Apps request permissions during installationGranting app permission is all or nothing (installer can’t pick a chose what to grant from the request)
Apps must be granted permissions by the user executing the appUsers can only grant the permissions they have
Azure Access Control Service (ACS) plays the role of the authorization serverAzure ACS stores basic information about the app and provides apps access tokens for calling SharePoint APIs.
18
App policy• App + User policy• User AND an App should have resource permissions• No access or “element not found” errors
• App-only policy• Only app can should have permissions• Can access resource without SharePoint context• Server code only.
19
App-only PolicyScenarios:1. Privileges elevation2. Accessing Sharepoint without user context
How?3. Add AllowAppOnlyPolicy to AppManifest.xml4. Add code for getting app only access token
Normal call vs. app callusing (var clientContext = TokenHelper.GetClientContextWithContextToken(hostWeb, contextToken, Request.Url.Authority)){
var list = clientContext.Web.Lists.GetById(new Guid(listId));...clientContext.ExecuteQuery();
}
var contextTokenObject = TokenHelper.ReadAndValidateContextToken(contextToken, Request.Url.Authority);
var appOnlyAccessToken = TokenHelper.GetAppOnlyAccessToken(contextTokenObject.TargetPrincipalName,
new Uri(hostWeb).Authority, contextTokenObject.Realm);
using (var clientContext = TokenHelper.GetClientContextWithAccessToken(hostWeb, appOnlyAccessToken.AccessToken)){ var list = clientContext.Web.Lists.GetById(new Guid(listId)); clientContext.ExecuteQuery();}
First POST callvar contextToken = (string) this.Session["Token"] ?? TokenHelper.GetContextTokenFromRequest(Page.Request); var hostWeb = Page.Request["SPHostUrl"]; this.Session["Token"] = contextToken;
Simpler in 2013
POST!!!
22
What is Chrome control?
23
Cloud hosted app and what you can do withMarat BakirovReadify
24
Highlights and challenges1) Your app is called with POST2) No one will store a token for you3) F5 debugging.4) Chrome control to get Sharepoint styling
and a link to a host web.
25
Contents• What is a Sharepoint App? • Sharepoint Hosted App Challenges• Cloud hosted apps• Recap
26
Key points recapSharepoint client code only!AppWeb vs Host WebFirst call to hosted app is POSTApp permissions + app only policy gives elevationCustom actions, remote event receivers and lots of other stuff
27
Call to action
Developer Network
Resources for Developers
http://msdn.microsoft.com/en-au/
Learning
Virtual Academy
http://www.microsoftvirtualacademy.com/
TechNet
Resources
Sessions on Demand
http://channel9.msdn.com/Events/TechEd/Australia/2013
Resources for IT Professionals
http://technet.microsoft.com/en-au/
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.