Upload
wspdc-fedspug
View
912
Download
2
Tags:
Embed Size (px)
Citation preview
Develop Apps for SharePoint 2013
Danny Jessee@FEDSPUGNovember 7, 2013
Passed exams:70-488, 70-48970-331, 70-332
9 yearsSharePoint experience
Who Am I?
Photo courtesy Marie Sly | mariesly.com
@dannyjessee
SharePoint DeveloperFulcrum IT Services, LLC
Agenda SharePoint development options (pre-2013) Shortcomings of legacy approaches SharePoint 2013 development improvements
Apps for SharePoint Geolocation data in SharePoint 2013 Demo time!
What we won’t be discussing… Administrative configuration required to support apps for SharePoint Setting up the app domain in DNS (new Forward Lookup Zone, new
CNAME alias), configuring the App Management and Subscription Settings service applications, configuring app URLs and setting up an app catalog
Cloud-hosted apps (beyond an introduction) Office 365 + Windows Azure Services + SQL Azure Office 365 “Napa” development tools
Advanced app permissions scenarios/OAuth in detail
SharePoint Store or app licensing
Before we begin… How many of you are:
Developers? System administrators? IT pros? Others?
Who has already seen or worked with SharePoint 2013?
Is anyone already building apps for SharePoint?
Development optionsSharePoint 2007
2007 development options Farm solutions (*.wsp) Full server-side object model, no limitations in functionality or scope (unless bin/CAS policy in use)
All deployments require physical access to the server
Potentially harmful solutions, privileged identities Have you met my best friend RunWithElevatedPrivileges? I’m supposed to Dispose() these objects? Oh, just do another
IISRESET…
Made environments difficult and costly to upgrade
Development optionsSharePoint 2010
2010 development options Enter sandbox!
“We’re off to never never-land” (or is it the cloud?)
With sandboxed solutions: Code has access to a limited, “safe” subset of the SharePoint object
model Assemblies are loaded by an isolated process that uses a low-
privilege identity Solution framework terminates code if it does not respond to
requests within a specified duration
Deployed by site collection administrators IT involvement no longer needed (they still set/manage resource
quotas)
Farm solutions still a viable option on-premises
What’s wrong with this picture?
Shortcomings Code is executing on the SharePoint frontend servers
Difficult to run code anywhere but within SharePoint Ever try coding against the .asmx web services? CSOM wasn’t fully “there” yet
SharePoint developers required for everything Need to know Visual Studio, .NET, SharePoint server-side object
model
Solutions are notoriously bad at cleaning up after themselves on uninstall
Farm solutions are a non-starter in the cloud
Steps in the right direction SharePoint 2010 introduced CSOM (client.svc) WCF entry point – direct access from clients NOT supported, proxy
required Client class library for managed .NET/Silverlight Browser-based JavaScript class library (limited)
RESTful interface to access lists/libraries (listdata.svc)
Allow for interaction with SharePoint capabilities without executing code on the SharePoint server
Still fairly limited/restricted compared to server-side object model
Development optionsSharePoint 2013
2013 development options Farm solutions still supported
Recommended only for administrative extensions (timer jobs, custom cmdlets)
Full-trust only (CAS policies are now ignored)
Sandboxed solutions still allowed, but deprecated
.asmx web services and owssvr.dll (RPC) deprecated
Objectives are to maximize flexibility and capability while minimizing footprint on the SharePoint server This has been the goal since at least SharePoint 2010, but Microsoft
has made VERY significant investments to make this a reality in SharePoint 2013
2013 improvements CSOM WCF entry point can now be accessed directly via REST-based calls (no proxy required!) /_vti_bin/client.svc /_api Much easier for JavaScript (and other non-.NET clients) to leverage
Now possible to fully interact with SharePoint from external platforms
Many new APIs added to CSOM Additional SharePoint Server functionality: user profiles, search,
taxonomy, feeds, publishing, sharing, workflow, e-discovery, information rights management, analytics, business data
Which API should I use?
Image from http://msdn.microsoft.com/en-us/library/sharepoint/jj164060.aspx
Apps for SharePoint
Apps for SharePoint (*.app) New mechanism to deploy code-based customizations to the SharePoint platform Contains an XML app manifest, installed to a specific target site (host
web)
Self-contained, isolated pieces of functionality Can add basic files (e.g., CSS, JavaScript), create pages and lists in
isolated storage (app web)
No server-side code runs inside SharePoint
Everything is an app!
App development options “Napa” Office 365 development tools
Browser-based development environment (no other tools required) App projects can be downloaded and opened in Visual Studio
Visual Studio 2012 with Office developer tools
Types of apps Provider-hosted
Deployed outside the SharePoint server Can run in the cloud or on a different on-premises web server
Autohosted Automatically provisions resources to Windows Azure and SQL Azure Ultimate scalability
SharePoint-hosted (on-premises) Deployed to an SPWeb known as the host web Provisions its resources on an SPWeb known as the app web Good for simple solutions, 100% client-side code
Types of apps
Image from http://msdn.microsoft.com/en-us/library/fp179930.aspx
What can I do with an app? Features (Web-scoped) Custom actions Remote event receivers App parts (client web
part) Custom CSS files Custom JavaScript files Modules (sets of files) Pages List templates
• List and library instances• Custom list forms• Custom list views• Custom content types• Fields (of built-in types)• BCS models (Web-
scoped)• Workflows• Property bags• Web templates
App shapes Apps can come in any of three shapes:
Immersive full page app: good for scenario-based apps, can still use SharePoint chroming
Part app: like a web part; hosted in an IFRAME Extension app: adding custom actions
Image from http://msdn.microsoft.com/en-us/library/fp179930.aspx
App web Each app installation has its own unique URL
App web provisioned at the time of app installation https://[app prefix][app hash].[app domain]/[relative site URL]/[app
name]
App domain should be different from host domain Built-in browser support for blocking XSS prevents code from calling
back directly to the host web SP.RequestExecutor library should be used for cross-domain calls
Host web and app web
Image from http://msdn.microsoft.com/en-us/library/fp179925.aspx
App permissions Apps for SharePoint have distinct identities
Associated with an app principal
App principal has permissions and rights Always has Full Control to the app web
Apps must request permissions to the host web or any other location outside of the app web
OAuth tokens are used to pass app identity
App permissions App permission requests must include the rights needed by the app and the scope at which those rights are needed
Rights: Scopes:
App permissions Trust must be explicitly granted by the user installing the app (all or nothing)
Geolocation data in SharePoint 2013
Geolocation data in 2013 Geolocation is a new field type in SharePoint 2013 Allows Latitude and Longitude (decimal coordinates) to be stored in
lists Allows retrieval of current user’s location from the browser (if it
implements the W3C Geolocation API) Displays values on a Bing map Must be added declaratively/programmatically (not available from
the UI)
SQLSysClrTypes.msi must be installed on all frontends (from SQL Server Feature Pack) 2008 R2: http://
www.microsoft.com/en-us/download/details.aspx?id=26728 2012: http://
www.microsoft.com/en-us/download/details.aspx?id=29065
Geolocation data in 2013 To use Bing Maps, you must obtain a Bing Maps API key and set its value at the web or farm level https://www.bingmapsportal.com Set-SPBingMapsKey –BingKey "<Enter a valid Bing Maps key>"
Field XML for a Geolocation column <Field ID="{b42dc311-3dad-4940-bcb7-412b57e5d017}" Name="Geolocation" DisplayName="Geolocation" Type="Geolocation" Required="FALSE" Group="Geolocation Site Columns">
Geolocation data in 2013 Add list item
Geolocation data in 2013 Add list item
Geolocation data in 2013 View list item
Geolocation data in 2013 Create a “Map View” for multiple list items
Geolocation data in 2013 Map View
Demo time!
Get started building apps Sign up for your free Office 365 developer site http://dev.office.com – use the “Napa” development tools
Sign up for your free 14-day trial of CloudShare ProPlus (“on-premises experience” in the cloud) http://cloudshare.com SharePoint 2013 environments have Visual Studio 2012 preinstalled! App tips and sample code: http://blog.cloudshare.com/author/danny
Give your developer VMs 10-16+ GB RAM! Download my demo project: http://sdrv.ms/XbohjT
Conclusion Microsoft has made significant improvements to the developer experience in SharePoint 2013 Anything you can do in the server-side object model can be done
through CSOM, JSOM, REST/OData
Apps are the recommended approach in 2013
Apps are not a silver bullet Whether you use apps or not, you should strive to run as little code on the SharePoint server as possible
Questions?
Thank you for your time!@[email protected]/blog
Backup slides
Farm solutions vs. sandboxed solutions Farm solutions
Code impacts the entire farm Hosted in the IIS worker process (W3WP.exe) Application pool recycles before solution is retracted/deployed Can be used for every type of SharePoint component
Sandboxed solutions Code impacts the site collection of the solution Hosted in the user code solution worker process
(SPUCWorkerProcess.exe) No app pool recycles required to load latest version
SharePoint 2013 improvements All APIs have dual support (CSOM and REST)
Data can be returned as JSON (good for AJAX clients) or ATOM (good for any client) Can be selected with ACCEPT header (application/json,
application/atom+xml)
REST and OData are a winning combination
What about OData? New data access API for HTTP-based clients Based on open specifications (Microsoft Open Specification Promise)
Standardizes CRUD operations by mapping them to HTTP verbs (GET, POST, PUT/MERGE, DELETE)
Read the specification at http://odata.org
Tips and tricks Easy to test REST calls (GET requests) through the browser
RESTClient for Firefox https://addons.mozilla.org/en-US/firefox/addon/restclient/
JavaScript: _spPageContextInfo.webAbsoluteUrl
jQuery: $.getJSON(requestUri, null, onDataReturned)
jsRender.js makes a great templating engine to generate output from a JSON collection
Configuring an on-prem farm for apps New instance of App Management Service App Can be done using the farm wizard
Configure root domain name for all app webs Set-SPAppDomain cmdlet
Create instance of Subscription Settings Service App Can only be done through PowerShell
Configure a name for the default tenant Set-SPAppSiteSubscriptionName cmdlet (only one tenant on-prem)
DNS setup (Visual Studio updates lmhosts file in dev)
{StandardTokens} in the query string SPHostUrl=http%3A%2F%2Fc4968397007&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017&SPAppWebUrl=http%3A%2F%2Fapps%2D68b0b5ab173c7f%2Esp2013apps%2Ecom%2FSharePointApp1
App domain security Having a separate app domain allows SharePoint to determine exactly which app generated a JavaScript callback
This allows SharePoint to authenticate an app and examine its permissions any time a call originates from the app web
App authorization policy types User-only – only takes the user identity into account
User + app – both the user identity and the app identity are considered
App-only – only the app identity is considered Requires special logic to obtain client context with app-only token http://
code.msdn.microsoft.com/officeapps/SharePoint-2013-Make-app-6e3d1ee9
Closest thing to “running elevated” or impersonating a privileged account
References
References SharePoint 2013 development overview
http://msdn.microsoft.com/en-us/library/sharepoint/jj164084.aspx
Build apps for SharePoint http://msdn.microsoft.com/en-us/library/office/apps/jj163230.aspx
Farm solutions http://msdn.microsoft.com/en-us/library/ff798425.aspx
Sandboxed solution considerations http://msdn.microsoft.com/en-us/library/ee231562.aspx
References (cont.) Deciding which SharePoint 2010 API to use
http://msdn.microsoft.com/en-us/library/hh313619%28v=office.14%29.aspx
SharePoint development in Visual Studio http://msdn.microsoft.com/en-us/library/ee330921.aspx
Choose the right API set in SharePoint 2013 http://msdn.microsoft.com/en-us/library/sharepoint/jj164060.aspx
Get started with the SharePoint 2013 REST service http://msdn.microsoft.com/en-us/library/fp142380.aspx
References (cont.) Apps for SharePoint overview
http://msdn.microsoft.com/en-us/library/fp179930.aspx
Important aspects of the app for SharePoint architecture and development landscape http://msdn.microsoft.com/en-us/library/fp179922.aspx
App permissions in SharePoint 2013 http://msdn.microsoft.com/en-us/library/fp142383.aspx
UX design for apps in SharePoint 2013 http://msdn.microsoft.com/en-us/library/fp179934.aspx
References (cont.) What’s new for developers in SharePoint 2013 http://msdn.microsoft.com/en-us/library/jj163091.aspx
Introducing SharePoint apps http://blog.tedpattison.net/Lists/Posts/Post.aspx?ID=14
Introducing the SharePoint 2013 application model http://
www.binarywave.com/blogs/eshupps/Lists/Posts/Post.aspx?ID=266
Setting up your App domain for SharePoint 2013 http://
sharepointchick.com/archive/2012/07/29/setting-up-your-app-domain-for-sharepoint-2013.aspx
References (cont.) Remove app for SharePoint instances from a SharePoint 2013 site http://technet.microsoft.com/en-us/library/fp161233.aspx
How to: Create app parts to deploy with apps for SharePoint http://msdn.microsoft.com/en-us/library/fp179921.aspx
How to: Create custom actions to deploy with apps for SharePoint http://msdn.microsoft.com/en-us/library/jj163954.aspx
References (cont.) How to: Set up an on-premises development environment for apps for SharePoint http://msdn.microsoft.com/en-us/library/fp179923.aspx
App permissions in SharePoint 2013 http://msdn.microsoft.com/en-us/library/fp142383.aspx
App authorization policy types in SharePoint 2013 http://msdn.microsoft.com/en-us/library/fp179892.aspx
References (cont.) Using the SharePoint 2013 object model in an app for SharePoint http://msdn.microsoft.com/en-us/library/jj191507.aspx
Install and Manage Apps for SharePoint 2013 http://technet.microsoft.com/en-us/library/fp161232.aspx