Article 16 from 30 : Using Remote Receivers to handle app events

This post is article 16 from the 30 Articles App series for SharePoint

Today I will talk about how to handle app events with Remote Event Receivers.

If you need to perform specific tasks when your app is installed or upgraded, you must use Remote Event Receivers.

Remote Event Receivers are only available to cloud-hosted apps (both autohosted and provider-hosted), not to SharePoint-hosted apps. [When you try to add an event receiver to a SharePoint-hosted app, it is automatically converted into an autohosted app.]

How to create an event receiver for your app events:

Go to your SharePoint app project -> right-click and open its properties -> set “Handle App Installed” to true, and do the same for any other events that you want to handle.


This generates the AppEventReceiver.svc service in your web project and also makes the necessary changes to the app manifest.

In the ProcessEvent method you can handle the app-related events: App Installed, App Upgraded, and App Uninstalled.

When you call the CreateAppEventClientContext method of TokenHelper, pass true as the second argument to get a client context for the app web (SPAppWeb), or false to get a client context for the host web (SPHostWeb).

Hope that helps.

 

Article 15 from 30 : Configuring Server to Server High Trust for provider hosted apps

This post is article 15 from the 30 Articles App series for SharePoint

Today I will discuss what high-trust apps are and how to configure the server-to-server (S2S) protocol.

What is a High-Trust App?

It is a provider-hosted app intended for on-premises use, not for cloud-hosted environments. It uses the server-to-server protocol to establish trust. It is considered “high-trust” because it is trusted to use any user identity that the app needs: the app itself is responsible for creating the user portion of the access token.

A high-trust app uses a certificate instead of a context token to establish trust.

Apps that use the server-to-server protocol would typically be installed behind the firewall in instances that are specific to each individual company.

How to configure server-to-server high-trust?

Step-1 : Configure an app for use as a high-trust app

Create and export a test certificate by using the Create Self-Signed Certificate option in IIS.


Create the .pfx file:

Go to IIS Manager -> choose Server Certificates -> right-click and choose “Create Self-Signed Certificate”.


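Select the certificate you just created -> export it as a .pfx file.

Add the ClientSigningCertificatePath and the password for this .pfx file to the web.config file of the app. The .pfx file contains the private key the app uses to sign its access tokens, so restrict access to both the file and the web.config that stores its password.

Create the .cer file:

Select the certificate you just created -> double-click it and choose the “Details” tab -> click “Copy to File” in the bottom-right corner.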


The Certificate Export Wizard starts. Choose not to export the private key, keep the default values for the file format, choose a path for the .cer file, and export.


Step-2 : Configure SharePoint 2013 to use high-trust apps
Prerequisite: you should have configured app isolation for the on-premises environment at this point.

The App Management Service and the User Profile Service Application should be started and running.

At least one profile must exist in the User Profile Service Application.

Run the following PowerShell script using the SharePoint Management Console:

(1) Set the app ID. All letters of the client ID must be lowercase.
$appId = "<your app id (GUID)>"

(2) Get the SPWeb where you want to deploy your high-trust app.
$spurl = "http://yoursharepointSite"
$spweb = Get-SPWeb $spurl

(3) Get the current authentication realm for your SharePoint site.
$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site

(4) Load the .cer file you are using for the app (the one we just created in Step-1).
$publicCertPath = "<path to the .cer file from Step-1>"
$certificate = Get-PfxCertificate $publicCertPath

(5) Combine the app ID with the realm value.
$fullAppIdentifier = $appId + '@' + $realm

(6) Create a trusted security token service. This basically fetches metadata from your app and establishes trust with it, so that SharePoint 2013 can accept tokens that are issued by your app.
New-SPTrustedSecurityTokenIssuer -Name "High-Trust-App-Name" -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier

(7) Register the app principal with the App Management Service, so you can grant app permissions.
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName "High-Trust-App-Name"

Now you have successfully configured server-to-server high trust, and the app can use a certificate instead of a context token.
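
Because the token issuer created in step (6) is trusted to act as any user, it is worth checking the inputs before registering them. The function below is an added example, not part of the original post: the name Test-HighTrustInput, its parameters and the thresholds (30 days, 2048-bit RSA) are assumptions, and it uses only standard .NET certificate APIs without calling SharePoint.

```powershell
# Added example (not from the original post). Name, parameters and thresholds are assumptions.
function Test-HighTrustInput {
    param(
        [Parameter(Mandatory = $true)] [string] $AppId,
        [Parameter(Mandatory = $true)] [string] $PublicCertPath,
        [int] $MinDaysValid = 30,
        [int] $MinRsaKeyBits = 2048
    )
    $problems = New-Object 'System.Collections.Generic.List[string]'

    # Step (1): the client id must be a GUID written in lowercase.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($AppId, [ref] $parsed)) {
        $problems.Add('AppId is not a GUID')
    } elseif ($AppId -cne $AppId.ToLowerInvariant()) {
        $problems.Add('AppId contains uppercase letters')
    }

    # Step (4): SharePoint only needs the public half of the key pair.
    $cert = $null
    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PublicCertPath
        $now = Get-Date
        if ($cert.HasPrivateKey) { $problems.Add('File carries a private key; export the .cer without it') }
        if ($cert.NotBefore -gt $now) { $problems.Add("Not valid before $($cert.NotBefore)") }
        if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) { $problems.Add("Expires $($cert.NotAfter)") }
        $alg = $cert.SignatureAlgorithm.FriendlyName
        if ($alg -match 'md5|sha1') { $problems.Add("Weak signature algorithm: $alg") }
        $key = $cert.PublicKey.Key
        if ($key -is [System.Security.Cryptography.RSA] -and $key.KeySize -lt $MinRsaKeyBits) {
            $problems.Add("RSA key is only $($key.KeySize) bits")
        }
    } catch {
        $problems.Add("Certificate check failed: $($_.Exception.Message)")
    }

    # Summary object; SelfSigned is informational (the IIS test certificate is self-signed).
    [pscustomobject]@{
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Subject    = if ($cert) { $cert.Subject } else { $null }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        SelfSigned = if ($cert) { $cert.Subject -eq $cert.Issuer } else { $null }
        Problems   = $problems.ToArray()
    }
}

# Usage, with the variables from the script above:
# $check = Test-HighTrustInput -AppId $appId -PublicCertPath $publicCertPath
# if ($check.Problems.Count -gt 0) { $check.Problems } else { $check }
```

Recording the returned thumbprint alongside the issuer name makes it easier to confirm later which certificate a given trust was created for.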

Hope you all had a lovely Christmas and wish you all a very happy and healthy new year..!!

Article 14 from 30 : System account can not deploy or purchase an app in SharePoint 2013 RTM

This post is article 14 from the 30 Articles App series for SharePoint

About 25 days ago, SharePoint 2013 RTM was made available to the public, and a few days ago the Visual Studio 2012 Office tools Preview 2 was made available, so you are now good to go for developing apps for RTM.

Today I will discuss which account you should use for app deployment in an on-premises environment.

I see many people asking about the deployment issue they are getting while using the System Account with SP2013 RTM.

Below is the summary of the error.

Error 1 Error occurred in deployment step ‘Install app for SharePoint’: The System Account cannot perform this action.

Cause of the error:

When you are logged in as the system account (local administrator) and try to install and deploy a SharePoint app, the above error appears.

This is a change in SharePoint 2013 RTM: the system account is no longer supported for deploying or purchasing any app from the market. It was supported in RT, but it is now prohibited for security reasons.

Workaround / Solution

  1. Create a new account in your domain, let's say CONTOSO/SPApp_Admin
  2. This account should be a local admin
  3. This account should also be a farm admin [ A farm administrator can be added from Central Admin -> Site Settings -> People -> Farm Administrator -> Add CONTOSO/SPApp_Admin ]
  4. Now log in to your VM / SharePoint dev machine as CONTOSO/SPApp_Admin
  5. You are good to go for deploying apps to your local farm using Visual Studio

Hope that helps.