Bob GermanPrincipal Architect

Introduction to Cloud Hosted Apps

Your apps here!

SPS Boston

Bob German SharePoint Principal Architect at BlueMetal Architects

Developer and architect on the SharePoint platform since Site Server 3.0

Co-author of SharePoint 2010 Development with Silverlightfor Addison-Wesley

BlueMetal Architects Boston, New York and Chicago.

We strive to build solutions that exactly meet our clients’ needs SharePoint / Information Management Data Platforms / Analytics ● Design Mobile Apps ● Enterprise Apps ● App Modernization

@Bob1Germanhttp://blogs.msdn.com/BobGerman/

Agenda

• Brief review of SharePoint Apps• Authentication and Client API’s• Demo 1: WebForms App• Demo 2: MVC App

All code is availablefor download

The New App Model

Code runs outside of SharePoint• Can’t affect “farm solutions” affecting

servers• Give apps just the permission they

need and no more(like a phone app)

• App web isolates app storage foreasy clean-up

AppAzure,

on-Premises, or Anywhere

HostWeb

App Web(optional)

Until now, developing for SharePoint was like developing for MS DOS or Windows 3.1 … no isolation, weak security. It’s time SharePoint development caught up with the rest of the industry!

App Isolation

App Azureor other provider

HostWeb

App Web(optional)

http://myserver/sites/myweb/

http://app12345/sites/myweb/

http://whatevs.com/somepath/

Different domain names leverage browsers’ same-origin policy

Where does your App run?

App Web External Web ServerOptionally Provisioned by SharePoint on app installation

No Server Code – period!(though you can leverage installed ASP.NET controls)

Code in Javascript on browserAccess host web via cross-domain library

May contain declarative, web-scoped features (lists, site pages, client script, images, css)

Can be on-premises or in the cloud

Auto-hosted apps are provisioned by Office 365 on app installation

Provider-hosted apps can run on-premises, in Azure, or anywhere (doesn’t even need to be .NET)

Access host and app webs via OAuth – run under:

End user’s permissionsApp permissions

App

HostWeb

AppWeb

User and App Identities

Programming Model Code Runs As Available API’s

Farm Solution User (or elevate to App Pool identity)

All

Sandboxed Solution User (or run in a workflow impersonation step as a specific user)

Very limited server API accessNo network/external access

SharePoint Hosted App App or User Javascript Client OM (JSOM),REST, SOAP web services*

Cloud Hosted App App or User Javascript Client OM (JSOM),Managed Client OM (CSOM),REST, SOAP web services*

* SOAP web services are “deprecated” for SharePoint 2013, but removing them would break a lot of Office integration scenarios

App Authentication

•User accesses SharePoint JSOM or REST API’s using inherent SharePoint security already in place•Used by Javascript on web pages in App web or using Cross-domain library•Only runs as User – no App identity

Internal

•Standard Authorization protocol used in many public web sites (FaceBook, Twitter, Live, Google, etc.) – “Valet Key” to access information•Requires external authentication server (e.g. Azure ACS)•Office 365 Auto-Hosted Apps automatically set up for OAuth

External(OAuth)

•SharePoint server is configured to trust an external server to authenticate users (Server Server)•No external authentication server – great for on-premises scenarios•Uses SSL Certs for simplicity – App code needs access to SSL Private Key

External(S2S)

Client API’s

REST (Representational Entity State Transfer)

• No client-side API components – access from anywhere! (Javascript, .NET, PHP …)

• OData compliant content access for easy access by ADO.NET Data Services, Excel, etc.

CSOM (Client Side Object Model)

• Client API available for Javascript (“JSOM”), .NET, Silverlight

• Batched requests are more efficient

SharePoint Server API

Client AppClient App

ADO.NET Data Svcs Client

JSON, ATOM

Client Side Endpoints

Client App

CSOM Proxy

/_api/ Client.svc

REST OData CSOM

Client API’s

• Site Content

• Site Collection Creation

• User Profiles

• Search

• Taxonomy

• Feeds

• Publishing

• Business Connectivity Services

• Sharing

• Workflow

• E-Discovery

• IRM

• Analytics

SharePoint Server API

Client AppClient App

ADO.NET Data Svcs Client

JSON, ATOM

Client Side Endpoints

Client App

CSOM Proxy

/_api/ Client.svc

REST OData CSOM

LocationsMaps and displays locations in a contacts list• ASP.NET WebForms• Uses SharePoint 2013 GeoLocation column• Remote event receiver geocodes list items• Client web part displays map

demo

.NET Web Development Choices

ASP Pages WebForms MVC

Control over HTML

Control over URLs

Drag and Drop Development

Ease of Code Reuse

Ease of Testing

Replaceable Components

Strong Offering

Weak / No Offering

… 2001 … 2003 … 2007 … 2013 …

PictureViewOrganizes pictures across multiple SharePoint picture libraries• ASP.NET MVC• Multi-page app using Chrome Control for branding• Testable controller using dependency injection• Web part shows a slide show

demo

Questions?

Code DownloadsLocations Demo (WebForms) http://bit.ly/SPC358-LocationSample

PictureView Demo (MVC) http://bit.ly/SPC419-SampleCode

@Bob1Germanbobg@bluemetal.com

http://blogs.msdn.com/BobGerman