-Apps or not to App

SharePoint - Intro~~ 1
Advantage
 Ease Discovery, Purchase and Installation process.
 Give administrators the safest SharePoint extensions.
 Provide flexibility in developing future upgrades.
 Maximize advantage of your existing non-SharePoint
programming skills.
 Integrate cloud-based resources flexibly
 Distinct permission
 Cross-platform standards, including HTML, REST,
OData, JavaScript, and OAuth
Contd…
 Data access
 SharePoint cross-domain JavaScript library
 Microsoft-provided secure token service OAuth-
compatible
 Digital certificates to get authorization to SharePoint
data.
Existing Options
 Full-Trust solutions
 All code in a full-trust application runs within
SharePoint’s own w3wp server processes
 Any slow or inefficient code hurts server performance
 Can compromise information stored
 Sandboxed solution
 Do not run with full-trust
 Separate isolated process within server
 Access a subset of the Server-Side Object Mode
 Access resources within the local site collection
Contd…
 Poorly written code can cause performance issue in the
server
 Solutions corrupting memory automatically restarts
 Limitations on what data can be accessed
 Limiting access to the SSOM and Limited CSOM
 Power user find managing solution packages very
confusing
Need for Apps
• No custom code on the SharePoint server

 Easier to upgrade to future versions of SharePoint

 Works in hosted environments w/o limitations

• Reduces the ramp-up time for those building apps

 Don’t need to know/be as familiar with SharePoint

• Leverage hosting platform features in new apps

• Enables taking SharePoint apps to different levels

Apps
 A SharePoint app cannot contain any server-side code
at all
 The data access, business, and user interface outside of
the SharePoint server farm
 SharePoint may host the app files
 SharePoint acts as portal for storing data and exposing
applications
 a
AppWeb
Hostweb
b
c d e SP
P

Site/Page Workflow Lists

WebApp B
UI
Remote
Server
Biz
Logic
Service

Data
DB

APP
Components in Apps
 Layers in components
 UI/Biz/Data
 Location in where components are distributed
 SharePoint
 Remote
 Client browser
 a
AppWeb
Hostweb
b
c d e SP
P

Site/Page Workflow Lists

WebApp B
UI
Remote
Server
BIZ
Service

Data
DB

APP
App types
 Apps that do not need trust
 SharePoint-only apps
 SharePoint-surfaced apps
 Apps that need trust
 Remote-only apps
 Mixed apps
Components
 Location
 On premise
 Cloud
 Hybrid
Trust using ACS-OAuth – Interaction
Access
Token

Refresh
Token
Context
Token
Server to Server
Cross domain
Cross Domain
Trust system
SharePoint component location Remote component location Trust system

On-premises On-premises SharePoint server-to-server STS

(OAuth) and certificate
-or-
OAuth + Microsoft Azure AD Access
Control

On-premises In-cloud SharePoint server-to-server STS

(OAuth) and certificate
-or-
OAuth + Microsoft Azure AD Access
Control

In-cloud (SharePoint Online) In-cloud OAuth + Microsoft Azure AD Access

Control

In-cloud (SharePoint Online) On-premises and outside firewall OAuth + Microsoft Azure AD Access
Control
-or-
Cross-domain library

In-cloud (SharePoint Online) On-premises and inside firewall Cross-domain library

 a
AppWeb
Hostweb
b
c d e SP
P

Site/Page Workflow Lists

WebApp B
UI
Remote
Server
BIZ
Service

Data
DB

APP
Deploying patterns
 SharePoint-hosted
 Provider-hosted
Possible combinations of deployment
with API
SharePoint-
Language API Provider-hosted
hosted

Javascript CSOM Use when cross- Excellent choice

domain support
is required

Javascript REST Use when cross- Excellent choice

domain support
is required

C# CSOM Excellent choice Not possible

C# REST Good choice Not possible

 a
AppWeb
Hostweb
b
c d e SP
P

Site/Page Workflow Lists

WebApp B
UI
Remote
Server
BIZ
Service

Data
DB

APP
Data access pattern
 SharePoint data on the app web.
 The app is the exclusive user of the data.
 The app and the data share the same life cycle.
 JSOM or cross-domain library
 SharePoint data on the host web.
 Provision SharePoint components in app install event.
 Host web permissions to create data on the host web.
 External data
 Web Proxy
 BCS
 Remote event receiver
 WCF
 Rest
Data access options
Contd…
Hosting options
Cloud (provider-hosted or
SharePoint-hosted
autohosted)

App scope SharePoint site Site or tenancy

Architecture Website Multitenant app

Developer skill set SharePoint + HTML or Full stack

JavaScript
User interface technologies SharePoint + HTML or Any web stack
JavaScript
Server code None Any (none on SharePoint)

Storage Lists and document Any

libraries
Key limitations No server code Hosting expertise required
App security considerations
 Identity
 Permissions
 Rights
 Scope
Other considerations
 Development
 Distribution
 Installation
 Versioning
MVC Apps
UX for Apps
End of Session