Apps 101 - Moving to the SharePoint 2013 App Model - Presented 7/27/13 at SharePoint Saturday NYC

Apps 101Moving to the SharePoint 2013 App Model

Derek Cash-Peterson – SharePoint Practice DirectorBob German – SharePoint Principal Architect

SharePoint Principal Architect

@Bob1Germanhttp://blogs.msdn.com/BobGerman/

Developer andAuthor

SharePoint Practice Director

@spdcpwww.spdcp.com

<Insert info>

Meet Bob and Derek

Key Topics

Apps ModelOverview

More• App Store• Event

Receivers• Workflow

App Access to SharePoint• REST• Client Side

Object Model

App Security• Cross-domain

Access• OAuth

2003

2007

2010

2013

Apps 101

HostWeb

AppWeb

• Link or IFrame

• REST or Client OM• App Security

App Hosting Options

HostWeb

App Web

SharePointHosted App

Provider or Auto-Hosted App

App Azureor other provider

HostWeb

App Web(optional)

App Isolation

App Azureor other provider

HostWeb

App Web(optional)

http://myserver/sites/myweb/

http://app12345/sites/myweb/

http://whatevs.com/somepath/

Different domain names leverage browsers’ same-origin policy

App

HostWeb

AppWeb

Mix and match App Web and Cloud

Provisioned by SharePoint on app installation

Code in Javascript on browserNo Server Code – period!(though you can leverage installed ASP.NET controls)

May contain declarative, web-scoped features (lists, site pages, client script, images, css)

Access host web via cross-domain library

Auto-hosted apps are provisioned by Office 365 on app installation(Office 365 only; not yet released)

Any hosted web site can work; pretty much anything goes

Access host and app webs via OAuth – run under: End user’s permissions App permissions

App Web Provider or Autohosted

DEMONSTRATION

Concepts Shown:- Declarative features in App Site- Client Side Object Model- Simple Client Web Part (“App Part”)

Chord Calculator

Choosing an Approach

Backward compatibility with existing solutions

Leverages SharePoint development skills

Full access to server OM – you can do nearly anything

Elevate privileges and be omnipotent!

Sandboxed solutions Scalability / reliability issues “Deprecated”

App code is reusable in SharePoint and Office

Leverages general web development skills

Better isolation – no more leftover web parts and lists

Run under App identity – safer way to elevate

Auto-hosted apps Office 365 Only Not really released even there

SharePoint Solutions SharePoint Apps

Choosing a Hosting Model

No server side code, period

Access to OOB SharePoint web controls on the page

Hosted on customer’s SP infrastructure

Server-side codeServer is not subject to

cross-domain policyMore flexible data

storage (SQL Azure, etc.)

SharePoint Hosted Provider / Azure Hosted

Remember you can combine both hosting models in your app

App Access to SharePoint

Choosing an Access Method

Synchronous or asynchronous in Javascript

Returns entities (e.g. Contact, Task)

Easier access from jQuery– no dependency on SP.JS

Asynchronous only in Javascript

Returns SharePoint objects (e.g. List, ListItem)

Easier access from .NET server side

Batched requests

REST CSOM

Accessing Data with Client OM

SharePoint Data

SharePoint API

Client.svc

Client Application

Client OM Proxies• .NET CLR• Silverlight• Javascript

OData(REST)

What’s New in CSOM

User ProfilesSearchTaxonomyFeedsPublishingBusiness Connectivity

Services

SharingWorkflowE-Discovery IRMAnalytics

So much more than simple site and list access!

Representational State Transfer (REST)

SharePoint Data

SharePoint API

Client Application

ServerApplication

Client Application

ADO.NET Data Svcs Client

JSON ATOM

WPF/WinForm/OfficeSilverlightJavaScript

JSON ATOM

/_api/

Representational State Transfer (REST)

Operations map to HTTP verbs Retrieve items/lists GET Create new item POST Update an item PUT or MERGE Delete an item DELETE These apply to links (lookups) as well

SharePoint rules apply during updates Validation, access control, etc.

URL Conventions

Addressing lists and itemsList of lists /_api/web/lists

List /_api/web/lists(‘guid’)

List /_api/web/lists/getbytitle(‘Title’)

Items /_api/web/lists/getbytitle('listname')/items

Item /_api/web/lists/getbytitle('listname')/items(1)

Single column /_api/web/lists/getbytitle('listname')/items(1)/fields/getByTitle('Description')

Sorting ?$orderby=Fullname

Filtering $filter=JobTitle eq 'SDE'

Projection ?$select=Fullname,JobTitle

Paging ?$top=10&$skip=30

Inline expansion ?$expand=Project

Presentation options

DEMONSTRATION

Concepts Shown: - Use of RESTful services - Accessing the host web from with the Cross-Domain Library - App part settings

Image Rotator

App Isolation

App Azureor other provider

HostWeb

App Web(optional)

SharePoint Authentication

SharePoint Authentication

OAuth

Open Authentication

Standard in use by dozens of public sites

Similar to a valet key App gives to a partly

trusted 3rd party Grants limited access

SharePoint grants theapp access on theuser’s behalf No need to pass the

user’s credentials SharePoint can limit the

scope of access

Remote Event Receivers

Require a provider or Azure-hosted app Uses Access Control Services (ACS) token

Passed from SharePoint to remote web service Web service can request a token to send back to SharePoint

SharePoint calls a web service with the following methods: ProcessEvent() – Synchronous ProcessOneWayEvent() – Asynchronous

List, ListItem, Web, and App level scopes App Events – call AppEventReceiver.svc

App Installed App Uninstalling App Upgraded

Caveats: Before and after properties are still quirky No guaranteed delivery Watch latency and performance on synchronous events

DEMONSTRATION

Concepts Shown:- Provider hosted App- Remote Event Receiver- SP 2013 Geolocation Features

Locations Map

Work

flow

New workflow engine hosted outside of SharePoint Author workflows in SharePoint Designer or Visual Studio 2012 Access SharePoint via built-in actions and web services Access SharePoint under App identity

(instead of Impersonation Step)

Resources

SharePoint 2013 Development Host webs, Web apps, and SharePoint Components: http://bit.ly/R3tUiO Data Access Options for Apps in SharePoint 2013: http://bit.ly/Peeof9 OAuth and SharePoint 2013: http://bit.ly/Ny1jNd SharePoint 2013 Workflows: http://bit.ly/PEJCze Programming using the SharePoint 2013 REST service: http

://bit.ly/LR66Ju Programming using the SP 2013 CSOM (JavaScript): http

://bit.ly/OJUARG

Contact Us Bob German - @Bob1German

http://msdn.microsoft.com/[email protected]

Derek Cash Peterson - @SPDCPhttp://spdcp.com [email protected]

Housekeeping

• Please remember to turn in your filled out bingo cards and event evaluations for prizes.• SharePint is sponsored by Slalom at Whiskey Trader

(Between 55th and 56th on 6th Avenue).• Follow SharePoint Saturday New York City on Twitter

@spsnyc and hashtag #spsnyc

Thanks to Our Sponsors!

Thank You!

BOSTON | NEW YORK | CHICAGO

44 Pleasant Street, Watertown, MA 02472

www.bluemetal.comBlog.bluemetal.com

@bluemetalinc