Because the new SharePoint App model runs outside the SharePoint worker process, it introduces new authentication models. As a developer you don't want to build multiple versions of the same app, implementing each authentication model separately. This session explains the differences between securing SharePoint apps with OAuth in Office 365 and with S2S High Trust in on-premises deployments. You will learn how to build a single app that runs in on-premises, online and hybrid SharePoint environments.
8. Customization Options

Sandbox
- Hosted in isolated process
- Limited server side SharePoint API access
- No external service calls
- Deprecated in SharePoint 2013

Farm
- Full trust solutions
- Customizations to file system of servers
- Hosted in same process as SharePoint
- Server side SharePoint API access
- Classic model from 2007

SharePoint Apps
- New Apps model
- Deployed from corporate catalog or Office Store
- Runs outside of SharePoint process
- Can be deployed on Azure, IIS, Apache,…
- Simple install and upgrade process
Bearer is the access token, Base64-encoded and signed. Where found: Fiddler » Inspectors (tab) » Raw

The access token is signed and encoded, and is based on JWT (JSON Web Token). SharePoint checks whether the access token is trusted. Once the token is trusted and decoded, it checks the following:

- Iss: who signed the access token: <principal ID>@<realm>, where the principal ID is ACS or the Client ID and the realm is the Tenant ID or Farm ID.
- Aud: who this token is intended for: <client ID>/<target URL authority>@<target realm>, where the client ID is SharePoint, the target URL authority is the URL of the web app or tenant, and the target realm is the Tenant ID or Farm ID.
- NameId: identifier of the user you are trying to identify on behalf of: SID (AD).
- Nii: who the identity provider is for the NameId.
- Nbf: not before, the date the token starts being valid.
- Exp: expires, the date the token stops being valid.
- Actor: the actual app that is making the call.

Calculate the date for nbf and exp (both are seconds since 1 January 1970, 00:00:00 UTC; the time of day must be zeroed, otherwise Get-Date keeps the current time and the result is off):

    (Get-Date -Year 1970 -Month 1 -Day 1 -Hour 0 -Minute 0 -Second 0 -Millisecond 0).AddSeconds(1372367140)

ClientID:

- ACS 00000001-0000-0000-c000-000000000000
- Exchange 00000002-0000-0ff1-ce00-000000000000
- SharePoint 00000003-0000-0ff1-ce00-000000000000
- Lync 00000004-0000-0ff1-ce00-000000000000
- Workflow 00000005-0000-0000-c000-000000000000

Where found: Fiddler » Inspectors (tab) » Auth; copy the Bearer value and decode it (Base64 encoding) via http://openidtest.uninett.no/jwt
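The claims listed above can also be decoded locally, which helps when checking why a token is rejected. This is an added example, not code from the original session: the function names, the sample app ID, realm, SID and host name are hypothetical, and the sample token is constructed and unsigned. The function only decodes and splits the claims; it does not verify the signature.

```powershell
# Added example (PowerShell 5+): decodes claims only; it does NOT verify the signature.
$WellKnown = @{   # principal IDs listed in the notes above
    '00000001-0000-0000-c000-000000000000' = 'ACS'
    '00000002-0000-0ff1-ce00-000000000000' = 'Exchange'
    '00000003-0000-0ff1-ce00-000000000000' = 'SharePoint'
    '00000004-0000-0ff1-ce00-000000000000' = 'Lync'
    '00000005-0000-0000-c000-000000000000' = 'Workflow'
}
function ConvertFrom-Base64Url([string]$Text) {
    # JWT segments use the URL-safe Base64 alphabet and omit '=' padding
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}
function Get-AppTokenClaims([string]$Bearer) {
    $parts = ($Bearer -replace '^Bearer\s+', '').Split('.')
    if ($parts.Count -ne 3) { throw 'Expected header.payload.signature' }
    $c = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    if (-not ($c.iss -match '^(?<id>[^@]+)@(?<realm>.+)$')) { throw 'iss is not <principal ID>@<realm>' }
    $issId, $issRealm = $Matches.id, $Matches.realm
    if (-not ($c.aud -match '^(?<id>[^/]+)/(?<host>[^@]+)@(?<realm>.+)$')) { throw 'aud is not <client ID>/<authority>@<realm>' }
    $audId, $authority, $audRealm = $Matches.id, $Matches.host, $Matches.realm
    $epoch = [DateTime]::new(1970, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)
    $nbf = $epoch.AddSeconds($c.nbf)
    $exp = $epoch.AddSeconds($c.exp)
    $now = [DateTime]::UtcNow
    [pscustomobject]@{
        IssuerId        = $issId
        IssuerName      = $WellKnown[$issId]      # empty for an app's own Client ID
        IssuerRealm     = $issRealm
        AudienceId      = $audId
        AudienceName    = $WellKnown[$audId]
        TargetAuthority = $authority
        TargetRealm     = $audRealm
        NameId          = $c.nameid
        Nii             = $c.nii
        NotBeforeUtc    = $nbf
        ExpiresUtc      = $exp
        InValidWindow   = ($now -ge $nbf) -and ($now -lt $exp)
    }
}
# Constructed sample token: hypothetical app ID, realm, SID and host; 'sig' is a placeholder
$enc = { param($t) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($t)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$realm = '11111111-2222-3333-4444-555555555555'
$payload = @{ iss = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee@$realm"; nbf = 1372367140; exp = 1372410340
    aud = "00000003-0000-0ff1-ce00-000000000000/sp.contoso.local@$realm"
    nameid = 'S-1-5-21-0-0-0-1001'; nii = 'urn:office:idp:activedirectory' } | ConvertTo-Json -Compress
$token = 'Bearer ' + (& $enc '{"typ":"JWT","alg":"none"}') + '.' + (& $enc $payload) + '.sig'
Get-AppTokenClaims $token | Format-List
```

To inspect a real request, pass the Authorization header value copied from Fiddler to Get-AppTokenClaims in place of $token.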