Microsoft ® Official Course Creating Robust and Efficient Apps for SharePoint Microsoft SharePoint 2013 SharePoint Practice.

Microsoft® Official Course

Creating Robust and Efficient Apps for SharePoint

Microsoft SharePoint 2013

SharePoint Practice

Module Overview

Apps for SharePoint

Communicating with SharePoint from an App

Authenticating and Authorizing Apps for SharePoint•Designing Apps for Performance

Lesson 1: Apps for SharePoint

Discussion: Why Create Apps?

Fundamentals of Apps for SharePoint

The App Package

Demonstration: Exploring an App Package

Distributing Apps for SharePoint

Installation Scopes and App Domains• Infrastructure for Apps

Discussion: Why Create Apps?

•What are apps for SharePoint?•Why create an app?

Fundamentals of Apps for SharePoint

•Hosting models• SharePoint-hosted apps• Auto-hosted apps• Provider-hosted apps

• App webs and host webs• App is installed on the host web• App resources are contained within a dedicated app web

• Accessing app functionality• Full-page apps• App parts• Custom actions

The App Package

• Packaged as .app files

• App manifest defines:• Start page URL• App properties• Permissions required by the app• Prerequisites• App principal identifier

• Package can also contain:• Declarative components for the app web• Features for the host web (app parts and custom actions)• Application components for deployment to Azure

Demonstration: Exploring an App Package

In this demonstration, you will see how pages and other assets are assembled into an app package.

Distributing Apps for SharePoint

•App Catalog• Internal catalog of apps within an organization• One per web application (on-premises deployments)• One per tenancy (Office 365 subscriptions)

•Office Store• Global, publicly-accessible storefront• Collects payment and supports licensing• Apps published subject to approval process

Installation Scopes and App Domains

•Each installation of an app has:• A unique security identifier• A unique domain

• Installation scopes• Site• Tenancy

•App Domains• App prefix• Unique app ID• Top-level app web hosting domain

Infrastructure for Apps

•App Management Service•Subscription Settings Service

Lesson 2: Communicating with SharePoint from an App

Using the REST API

Performing CRUD Operations with REST

Using the JavaScript Object Model

Developing Robust JavaScript Code

Discussion: REST API versus JavaScript Object Model

Resolving Errors with the JavaScript Object Model•Using the Managed Client Object Model

Using the REST API

• The REST API is provided by the client.svc service• Exposed on every SharePoint site• Accessible at the site-relative path _api

• Constructing REST API URLs• http://intranet.contoso.com/_api/site• http://intranet.contoso.com/_api/web/currentuser• …/_api/web/lists/getbytitle("Invoices")

• Including OData query operators• /_api/web/lists/getbytitle("Invoices")/items?

$select=Title,Amount• /_api/web/lists/getbytitle("Invoices")/items?$skip=10&$top=10

Performing CRUD Operations with REST

•Reading data• Use _spPageContextInfo.webServerRelativeUrl to get the server-relative root URL of the SharePoint site• Use $.getJSON() for simple requests• Use $.ajax() for more complex requests

•Creating, updating, and deleting data• Use $.ajax()• Specify an appropriate HTTP verb• Include the form digest in the X-RequestDigest header

Using the JavaScript Object Model

•Provides a client-side proxy for client.svc• Interact with the server from SharePoint web pages•Asynchronous programming model

getSiteCollection = function () { context = new SP.ClientContext.get_current(); siteCollection = context.get_site(); context.load(siteCollection); context.executeQueryAsync (onSuccess, onFailure);}onSuccess = function () { alert(“URL: “ + siteCollection.get_url());}onFailure = function () { alert(“Could not obtain the site collection URL”);}

Developing Robust JavaScript Code

•Strict JavaScript• ‘use strict’;• Script scope• Function scope

•Encapsulation• Use custom namespaces• Use an encapsulation pattern• Example: module pattern

Discussion: REST API versus JavaScript Object Model

• If you write JavaScript code for an app, you can use either the REST API or the JavaScript object model to communicate with SharePoint.• In what circumstances would you use each approach?

Resolving Errors with the JavaScript Object Model

•A server-side error can cause a whole batch of operations to fail•To avoid this, use an ExceptionHandlingScope•Send try/catch/finally instructions to the servervar scopeObject = new SP.ExceptionHandlingScope(context);

// Start a try-catch-finally blockvar scopeBlock = scopeObject.startScope();

var tryBlock = scopeObject.startTry();// This is the try block.tryBlock.dispose();

var catchBlock = scopeObject.startCatch();// This is the catch block.catchBlock.dispose();

Using the Managed Client Object Model

• Client-side proxy for .NET applications• ASP.NET MVC web applications• Mobile apps

• Supports synchronous and asynchronous operations

• Similar functionality and patterns to JavaScript object model• Client context object• Load and LoadQuery• ExecuteQuery and ExecuteQueryAsync• ExceptionHandlingScope

Lesson 3: Authenticating and Authorizing Apps for SharePoint

The App Security Model

App Authentication

Registering an App Principal

Requesting Permissions

Discussion: Requesting Permissions

Working with Tokens•Communicating Across Domain Boundaries

The App Security Model

• An app is a security principal• Can be granted permissions• Must be authenticated

• App principals• Client ID• Title• Client secret• Remote host domain

• App permissions• Request permissions in app manifest• All permissions must be granted when app is installed• Users can only assign permissions they themselves hold

App Authentication

• Internal authentication• Request targets an app web• Request includes a SAML token for user• SharePoint-hosted apps

• External authentication with Oauth• Windows Azure ACS issues access token• Access token contains app ID and user ID• Auto-hosted apps

• External authentication with S2S• Trust relationship configured by X.509 certificate exchange• Remote web host server issues access token• Provider-hosted apps

Registering an App Principal

•Registering app principals• Automatic for SharePoint-hosted and auto-hosted apps• Manual process for provider-hosted apps

•App manifest requirements

•Remote web.config requirements<configuration> <appSettings> <add key=“ClientId” value=“…” /> <add key=“ClientSecret” value=“…” /> </appSettings></configuration>

<AppPrincipal> <RemoteWebApplication ClientId=“…” /></AppPrincipal>

Requesting Permissions

<AppPermissionRequests> <AppPermissionRequest Right=“Manage" Scope="http://sharepoint/content/sitecollection/web" />

<AppPermissionRequest Right="Read" Scope="http://sharepoint/content/tenant" />

<AppPermissionRequest Right="QueryAsUserIgnoreAppPrincipal" Scope="http://sharepoint/search" />

<AppPermissionRequest Right=“Read" Scope="http://sharepoint/content/sitecollection/web/lists" > <Property Name=“BaseTemplateId” Value=“105” /> </AppPermissionRequest></AppPermissionRequests>

Discussion: Requesting Permissions

•Review the scenario in the handbook•How would you configure permission requests for this app?

Working with Tokens

•Working with tokens• Context tokens (OAuth only)• Refresh tokens (OAuth only)• Access tokens (OAuth and S2S)

•The TokenHelper classvar contextToken = TokenHelper.GetContextTokenFromRequest(Page.Request);var hostURL = Page.Request["SPHostUrl"];using (var context = TokenHelper.GetClientContextWithContextToken(hostURL, contextToken, Request.Url.Authority)) { context.Load(context.Web); context.ExecuteQuery;}

Communicating Across Domain Boundaries

•Cross-domain library• SP.RequestExecutor.executeAsync method• Access resources in app web from remote web page

•Web proxy• SP.WebRequestInfo object• SP.WebProxy.invoke method• Access resources in external domain from web page• Register external domain in app manifest

Lesson 4: Designing Apps for Performance

Using SharePoint Health Scores

Using Client-Side Caching•Optimizing Server Requests

Using SharePoint Health Scores

•Every web application has a health score• Integer value from 0 (good) to 10 (bad)• Updated every five seconds

•SharePoint includes health score in every response• X-SharePointHealthScore HTTP header

$.ajax({ type: "GET", url: _spPageContextInfo.webServerRelativeUrl + "/_layouts/15/blank.htm", success: function (data, status, xhr) { alert(xhr.getResponseHeader("X-SharePointHealthScore")); }});

Using Client-Side Caching

•Responsive web pages:• Minimize data exchange with server• Maximize use of caching

•Caching in apps for SharePoint• Browser caches responses to GET requests• Caching automatic for REST API and JSOM

•Content Delivery Networks (CDNs)• Provide popular content (such as script libraries)• Host static content• Maximize use of caching

Optimizing Server Requests

•Minimize bandwidth consumption• Specify properties you want to retrieve• Include filter expressions• Filtering is performed on server

•Minimize server round trips• Use batching

Lab: Monitoring SharePoint Health Scores

Exercise 1: Creating and Deploying an App Part•Exercise 2: Working with Server Health Scores

Lab Scenario

The IT team at Contoso has released new performance and design guidelines for SharePoint app developers. One of the guidelines is that all apps should request a health score from the SharePoint server before attempting to perform any processing. As the lead SharePoint developer, your task is to create a reference app that demonstrates how to work with health scores. Within your app, you will use an app part to poll the server periodically and display a graphical representation of the current health score.

Module Review and Takeaways