10. App Isolation
• Host Web: http://myserver/sites/myweb/
• App Web (optional): http://app12345/sites/myweb/
• App on Azure or other provider: http://whatevs.com/somepath/
Different domain names leverage browsers’ same-origin policy
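The isolation boundary the slide relies on is the browser origin (scheme, host and port), not the path. The following is an added example, not code from the deck: it groups the slide's three URLs by origin, together with a few constructed variants that show which differences create a new origin.

```javascript
// URLs from the slide.
const HOST_WEB = 'http://myserver/sites/myweb/';
const APP_WEB = 'http://app12345/sites/myweb/';
const PROVIDER = 'http://whatevs.com/somepath/';

// Constructed variants (not on the slide) covering edge cases.
const VARIANTS = [
  'HTTP://MYSERVER:80/sites/other/',   // case and default port are normalized
  'https://myserver/sites/myweb/',     // different scheme
  'http://myserver:8080/sites/myweb/', // different port
];

// The WHATWG URL parser lowercases scheme and host and drops default ports.
function originOf(url) {
  return new URL(url).origin;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Map of origin -> URLs that share it; each key is one isolation boundary.
function groupByOrigin(urls) {
  const groups = new Map();
  for (const url of urls) {
    const origin = originOf(url);
    if (!groups.has(origin)) groups.set(origin, []);
    groups.get(origin).push(url);
  }
  return groups;
}

const groups = groupByOrigin([HOST_WEB, APP_WEB, PROVIDER, ...VARIANTS]);
for (const [origin, urls] of groups) console.log(origin, urls);
```

The host web and app web share the path /sites/myweb/ yet land in different groups, which is why script in the app web cannot read the host web directly.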
11. App
[Diagram: App, Host Web, App Web]
Mix and match App Web and Cloud
App Web
• Provisioned by SharePoint on app installation
• Code in JavaScript on browser
• No Server Code – period! (though you can leverage installed ASP.NET controls)
• May contain declarative, web-scoped features (lists, site pages, client script, images, css)
• Access host web via cross-domain library
Provider or Autohosted
• Auto-hosted apps are provisioned by Office 365 on app installation (Office 365 only; not yet released)
• Any hosted web site can work; pretty much anything goes
• Access host and app webs via OAuth – run under:
  - End user’s permissions
  - App permissions
13. Choosing an Approach
SharePoint Solutions
• Backward compatibility with existing solutions
• Leverages SharePoint development skills
• Full access to server OM – you can do nearly anything
• Elevate privileges and be omnipotent!
• Sandboxed solutions
  - Scalability / reliability issues
  - “Deprecated”
SharePoint Apps
• App code is reusable in SharePoint and Office
• Leverages general web development skills
• Better isolation – no more leftover web parts and lists
• Run under App identity – safer way to elevate
• Auto-hosted apps
  - Office 365 Only
  - Not really released even there
14. Choosing a Hosting Model
SharePoint Hosted
• No server side code, period
• Access to OOB SharePoint web controls on the page
• Hosted on customer’s SP infrastructure
Provider / Azure Hosted
• Server-side code
• Server is not subject to cross-domain policy
• More flexible data storage (SQL Azure, etc.)
Remember you can combine both hosting models in your app
16. Choosing an Access Method
REST
• Synchronous or asynchronous in JavaScript
• Returns entities (e.g. Contact, Task)
• Easier access from jQuery – no dependency on SP.JS
CSOM
• Asynchronous only in JavaScript
• Returns SharePoint objects (e.g. List, ListItem)
• Easier access from .NET server side
• Batched requests
18. What’s New in CSOM
User Profiles
Search
Taxonomy
Feeds
Publishing
Business Connectivity Services
Sharing
Workflow
E-Discovery
IRM
Analytics
So much more than simple site and list access!
20. Representational State Transfer (REST)
• Operations map to HTTP verbs
• Retrieve items/lists: GET
• Create new item: POST
• Update an item: PUT or MERGE
• Delete an item: DELETE
• These apply to links (lookups) as well
• SharePoint rules apply during updates
• Validation, access control, etc.
21. URL Conventions
Addressing lists and items
List of lists: /_api/web/lists
List: /_api/web/lists('guid')
List: /_api/web/lists/getbytitle('Title')
Items: /_api/web/lists/getbytitle('listname')/items
Item: /_api/web/lists/getbytitle('listname')/items(1)
Single column: /_api/web/lists/getbytitle('listname')/items(1)/fields/getByTitle('Description')
Presentation options
Sorting: ?$orderby=Fullname
Filtering: ?$filter=JobTitle eq 'SDE'
Projection: ?$select=Fullname,JobTitle
Paging: ?$top=10&$skip=30
Inline expansion: ?$expand=Project
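The getbytitle('...') and $filter conventions above place caller-supplied text inside single-quoted OData string literals, so a title or filter value that contains a quote must be escaped before it is concatenated into the URL. The following is an added example, not code from the deck: listItemsUrl and its helpers are hypothetical names, and the sample values are constructed.

```javascript
// Field names are interpolated unquoted, so allow identifier characters only.
const FIELD_NAME = /^[A-Za-z_][A-Za-z0-9_]*$/;

// OData string literal: double every embedded single quote, wrap in quotes,
// then percent-encode. encodeURIComponent alone leaves ' untouched, so it
// cannot stop a value from closing the literal early.
function odataLiteral(value) {
  return encodeURIComponent("'" + String(value).replace(/'/g, "''") + "'");
}

function fieldName(name) {
  if (!FIELD_NAME.test(name)) throw new Error('invalid field name: ' + name);
  return name;
}

// opts (all optional): filter {field, value}, select [fields], orderby, top
function listItemsUrl(webUrl, listTitle, opts = {}) {
  const path = webUrl.replace(/\/+$/, '') +
    '/_api/web/lists/getbytitle(' + odataLiteral(listTitle) + ')/items';
  const query = [];
  if (opts.filter) {
    query.push('$filter=' + fieldName(opts.filter.field) + '%20eq%20' +
      odataLiteral(opts.filter.value));
  }
  if (opts.select) query.push('$select=' + opts.select.map(fieldName).join(','));
  if (opts.orderby) query.push('$orderby=' + fieldName(opts.orderby));
  if (opts.top !== undefined) {
    if (!Number.isInteger(opts.top) || opts.top < 1) throw new Error('invalid $top');
    query.push('$top=' + opts.top);
  }
  return query.length ? path + '?' + query.join('&') : path;
}

// Constructed sample input: a list title and a filter value containing quotes.
console.log(listItemsUrl('http://myserver/sites/myweb/', "Bob's Tasks"));
console.log(listItemsUrl('http://myserver/sites/myweb/', 'Contacts', {
  filter: { field: 'JobTitle', value: "R&D 'lead'" },
  select: ['Fullname', 'JobTitle'],
  top: 10,
}));
```

Only simple field names and the eq operator are covered; lookup paths such as Project/Title would need their own validation.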
22. DEMONSTRATION
Concepts Shown:
- Use of RESTful services
- Accessing the host web with the Cross-Domain Library
- App part settings
Image Rotator
23. App Isolation
• Host Web: SharePoint Authentication
• App Web (optional): SharePoint Authentication
• App on Azure or other provider: OAuth
24. Open Authentication
• Standard in use by dozens of public sites
• Similar to a valet key
• App gives to a partly trusted 3rd party
• Grants limited access
• SharePoint grants the app access on the user’s behalf
• No need to pass the user’s credentials
• SharePoint can limit the scope of access
25. Remote Event Receivers
• Require a provider or Azure-hosted app
• Uses Access Control Services (ACS) token
• Passed from SharePoint to remote web service
• Web service can request a token to send back to SharePoint
• SharePoint calls a web service with the following methods:
• ProcessEvent() – Synchronous
• ProcessOneWayEvent() – Asynchronous
• List, ListItem, Web, and App level scopes
• App Events – call AppEventReceiver.svc
• App Installed
• App Uninstalling
• App Upgraded
• Caveats:
• Before and after properties are still quirky
• No guaranteed delivery
• Watch latency and performance on synchronous events
27. Workflow
• New workflow engine hosted outside of SharePoint
• Author workflows in SharePoint Designer or Visual Studio 2012
• Access SharePoint via built-in actions and web services
• Access SharePoint under App identity (instead of Impersonation Step)
28. Resources
SharePoint 2013 Development
• Host webs, Web apps, and SharePoint Components: http://bit.ly/R3tUiO
• Data Access Options for Apps in SharePoint 2013: http://bit.ly/Peeof9
• OAuth and SharePoint 2013: http://bit.ly/Ny1jNd
• SharePoint 2013 Workflows: http://bit.ly/PEJCze
• Programming using the SharePoint 2013 REST service: http://bit.ly/LR66Ju
• Programming using the SP 2013 CSOM (JavaScript): http://bit.ly/OJUARG
Contact Us
• Bob German - @Bob1German
http://msdn.microsoft.com/BobGerman
Bobg@bluemetal.com
• Derek Cash Peterson - @SPDCP
http://spdcp.com
Derekcp@bluemetal.com
29. Housekeeping
• Please remember to turn in your filled out bingo cards
and event evaluations for prizes.
• SharePint is sponsored by Slalom at Whiskey Trader
(Between 55th and 56th on 6th Avenue).
• Follow SharePoint Saturday New York City on Twitter
@spsnyc and hashtag #spsnyc