This document provides an overview of developing a provider hosted SharePoint app. It discusses what provider hosted apps are, the app development history in SharePoint, hosting options for apps, the provider hosted app architecture, costs and benefits of being an app provider, the development model, and demonstrates creating an app manifest and using the Client Side Object Model. It also provides several resources for learning more about developing provider hosted SharePoint apps.

1. DEVELOPING A
PROVIDER HOSTED
SHAREPOINT APP
Talbott Crowell
SharePoint Saturday Austin
March 2nd, 2013

2. About Me
• http://about.me/talbott
• Solutions Architect at ThirdM
• A Founder of SharePoint Saturday Boston
• Microsoft MVP
• Blogger and Author

3. About this Talk
• For Developers
• Who want to build Apps For SharePoint
• For Architects
• Who want to understand options and architecture considerations of
a Provider Hosted App
• For Anyone
• Who wants to learn more about SharePoint 2013 and the future of
Extending and Customizing SharePoint

4. What is a Provider Hosted App
• SharePoint 2013 Compatible Application
• Hosted outside of SharePoint
• Azure
• Amazon Web Services (AWS)
• Rackspace
• Your Datacenter
• An on-premise server in your customer’s Datacenter (you provide
the Application, Hardware, and/or VM)
• Written in any language on any platform
• Java, F#, Ruby, Linux, Unix

5. App Development History
• SharePoint 2003 – Web Parts
• SharePoint 2007 – Farm Solutions & SPD
• WSP (A CAB file with deployment assets and
instructions) which may include:
• Server Code (.NET Assemblies for GAC or BIN)
• Client Code (JavaScript Files, CSS, HTML)
• ASP.NET (ASPX, ASCX, Master
Pages), Images, Site templates, List
definitions, Content Types (CAML), Layouts, various
other types of content
• SPD (SharePoint Designer)
• Create custom solutions with
Workflows, JavaScript, HTML, jQuery, Master
Pages, Layouts stored in Content Database
• SharePoint 2010
• Sandbox Solutions
• SharePoint 2013
• Apps for SharePoint

6. Apps for SharePoint Hosting Options
• Provider Hosted Apps
• SharePoint 2013 on-premise
or Office 365
• Unlimited scaling
• Autohosted Apps
• Typically Azure Web Sites
written in .NET
• Runs only in Office 365 (no
on-premise option)
• Uses the consumers Office
365 Azure resources
• SharePoint Hosted Apps
• Client side only
(JavaScript, jQuery, HTML, CS
S)
• Uses CSOM to manipulate
SharePoint object
• http://bit.ly/spapphosting

7. Provider Hosted Apps
Office 365 Data Center Application Runtime and Backend
or On-Premise SharePoint 2013 Farm (Can be anywhere: On-Premise or Cloud)
Provider
SharePoint Provider
2013
Hosted
Service
app
Provider Data
Customer Provider

8. Alternative Using Autohosted
Office 365 Data Center Application Runtime and Backend
(including Azure) (Cloud Service you Host)
Office 365 Autohosted app
Provider
(SharePoint Windows Azure
Online) Service
Azure Database
Customer Data Provider Data
Customer Provider

9. Provider Hosted Architecture
• Store or App Catalog – Deployment Manifest .APP file
• App Manifest – Declare App Permission Requests
• Trust Settings – User must “allow” or “trust” your app
• Provider receives Request with Trust Token
• Provider uses CSOM to call back to SharePoint using the
Trust Token
• SharePoint persists changes made by the Provider in the
Content Database (just like SharePoint Designer)

10. Costs of Being a Provider
• Need to maintain and cover hosting cost
• But you can extend your app to other ecosystems outside of
SharePoint
• iPad, Facebook, Kindle, Salesforce
• Changes will affect ALL customers
• May need a versioning strategy for customers in Life Sciences
(long validation lifecycle)

11. Benefits of Provider Hosted
• Does not tax the SharePoint Farm’s resources as much
as Farm Solution might
• Update 1000’s of SharePoint Farms with one release
update to the Provider
• Centrally managed at the Provider’s location
• Develop on any platform using any language leveraging
your existing developer and infrastructure knowledge
• Same App works on Office 365 and SharePoint 2013 on-
premise

12. Development Model
• Get Started using Azure and Office 365 Preview
• Many Blog posts on getting started
• Deploy your Provider Hosted app to your Provider
(Azure, AWS, Rackspace, local server)
• Deploy your .APP file to SharePoint

13. Development System Requirements
• Visual Studio 2012
• On Premise Development Environment
• http://bit.ly/spappdevenv
• Office Developer Tools for Visual Studio 2012
• http://bit.ly/spapptools

14. Decisions
• Office 365 or On-Premise?
• If Office 365, Visual Studio 2012
• If On-Premise then build your SharePoint 2013 Dev Server
• Windows Server 2012 or Windows Server 2008 R2 SP1
• http://msdn.microsoft.com/en-us/library/fp161179.aspx
• http://msdn.microsoft.com/en-us/library/fp179923.aspx

15. App Packaging
• Start with Visual Studio 2012 Project Template
• .APP
• Contains AppManifest.xml
• Set Permission Requests for your App
• Start Page
• Client ID
• App Icon Image File
• You can unpack the .APP by renaming .ZIP

16. Demo
• Using Visual Studio to create the App Manifest
• Explore Contents

17. Security
• Client Secret vs Certificate
• Client Secret requires SharePoint is farm connected to ACS
• Azure ACS (Access Control Service)
• Office 365 is already connected to ACS
• AppManifest.xml (.APP)
• Contains permissions
• OAuth
• TokenHelper.cs (runs on the Provider)
• Helps you manage requests for app tokens
• If you are developing in another language you will need to implement
this yourself

18. OAuth Example
TokenHelper.TrustAllCertificates();
string contextTokenString =
TokenHelper.GetContextTokenFromRequest(Request);
if (contextTokenString != null) {
contextToken =
TokenHelper.ReadAndValidateContextToken(
contextTokenString, Request.Url.Authority);
sharepointUrl =
new Uri(Request.QueryString["SPHostUrl"]);
accessToken = TokenHelper.GetAccessToken(
contextToken,
sharepointUrl.Authority).AccessToken;
CSOM.CommandArgument = accessToken;
}

19. CSOM
• Client Side Object Model
• Rich improvements over 2012
• .NET version
• JavaScript version
• http://bit.ly/csom2013

20. CSOM Example
protected void CSOM_Click(object sender,
EventArgs e) {
string commandAccessToken =
((LinkButton)sender).CommandArgument;
RetrieveWithCSOM(commandAccessToken);
WebTitleLabel.Text = siteName;
CurrentUserLabel.Text = currentUser;
UserList.DataSource = listOfUsers;
UserList.DataBind();
ListList.DataSource = listOfLists;
ListList.DataBind();
}
http://bit.ly/spappbasic

21. CSOM Example
ClientContext clientContext =
TokenHelper.GetClientContextWithAccessToken(
sharepointUrl.ToString(), accessToken);
//Load the properties for the web object.
Web web = clientContext.Web;
clientContext.Load(web);
clientContext.ExecuteQuery();
//Get the site name.
siteName = web.Title;
//Get the current user.
clientContext.Load(web.CurrentUser);
clientContext.ExecuteQuery();
currentUser = clientContext.Web.CurrentUser.LoginName;
//Load the lists from the Web object.
ListCollection lists = web.Lists;
clientContext.Load<ListCollection>(lists);
clientContext.ExecuteQuery();

22. Scope of Access
• What can you get to from CSOM?

23. Putting it all together
• Generate Client ID and Client Secret
• Generated by form on SharePoint Online
• https://<your site>/_layouts/15/appregnew.aspx
• APP Manifest and Icon packaged in .APP file
• Includes Permission Requests
• Includes Client ID
• Deployed to SharePoint
• Your app is deployed to Azure, etc…
• ClientID and ClientSecret
• Your app receives Token from SharePoint user request
• Your app uses Token to call CSOM

24. Review
• SharePoint has completely new Development Model
• Leverage existing understanding with CSOM
• Leverage existing other technology knowledge
• Update many customers (or Farms) at once
• Costs and Benefits of being a Provider
• Security with OAuth
• Package and Deploy to Store

25. Resources
• My Blog for Slides, Questions, and Follow up information
• http://bit.ly/tcrowell
• Pluralsight Videos by Andrew Connell
• Over 12 hours of Video
• http://bit.ly/acplural
• Microsoft MSDN Documentation
• http://bit.ly/spappmsdn
• CloudShare for developer and test hosting
• http://www.cloudshare.com/

26. More Resources
• Steve Fox’s Blog
• Create a free Azure Web Site to develop Provider Hosted App
• http://bit.ly/sfoxpart1
• http://bit.ly/sfoxpart2
• Chris Johnson's loosely typed thoughts…
• Build a SharePoint Provider Hosted App in 5 mins
• http://bit.ly/spapp5min

27. Thanks to our Sponsors!

28. Thank You
Developing a Provider
Hosted SharePoint App
Presented by Talbott Crowell
Please fill out evaluations!