www.it-ebooks.info www.it-ebooks.info Microsoft SharePoint 2013 App Development ® Scot Hillier Ted Pattison www.it-ebooks.info ® Published with the authorization of Microsoft Corporation by: O’Reilly Media, Inc 1005 Gravenstein Highway North Sebastopol, California 95472 Copyright © 2013 by Scot Hillier Technical Solutions, LLC and Ted Pattison Group, Inc All rights reserved No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher ISBN: 978-0-7356-7498-1 LSI Printed and bound in the United States of America Microsoft Press books are available through booksellers and distributors worldwide If you need support related to this book, email Microsoft Press Book Support at mspinput@microsoft.com Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/ Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies All other marks are property of their respective owners The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred This book expresses the author’s views and opinions The information contained in this book is provided without any express, statutory, or implied warranties Neither the authors, O’Reilly Media, Inc., Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book Acquisitions and Development Editor: Kenyon Brown Production Editor: Rachel Steely Editorial Production: Dianne Russell, Octal Publishing, Inc Technical Reviewer: Wayne Ewington Copyeditor: Bob Russell, Octal Publishing, Inc Indexer: Bob Pfahler Cover Design: Twist Creative Cover Composition: Zyg Group, LLC Illustrator: Rebecca Demarest www.it-ebooks.info Contents at a glance Introduction ix Chapter Introducing SharePoint apps Chapter Client-side programming 45 Chapter SharePoint app security 95 Chapter Developing SharePoint apps 137 Index 173 www.it-ebooks.info www.it-ebooks.info Contents Introduction ix Chapter Introducing SharePoint apps Understanding the new SharePoint app model Understanding SharePoint solution challenges Understanding SharePoint app model design goals Understanding SharePoint app model architecture Working with app service applications Understanding app installation scopes Understanding app code isolation Understanding app hosting models 10 Reviewing the app manifest 14 Setting the start page URL 17 Understanding the app web 18 Working with app user-interface entry points 21 Packaging and distributing apps 28 Packaging apps 29 Publishing apps 34 Installing apps 37 Upgrading apps 39 Trapping app lifecycle events 41 Conclusion 44 Chapter Client-side programming 45 Introducing JavaScript for SharePoint developers 46 Understanding JavaScript namespaces 46 Understanding JavaScript variables 46 What you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you To participate in a brief online survey, please visit: microsoft.com/learning/booksurvey v www.it-ebooks.info Understanding JavaScript functions 48 Understanding JavaScript closures 49 Understanding JavaScript prototypes 50 Creating custom libraries 51 Introducing jQuery for SharePoint developers 54 Referencing jQuery 55 Understanding the global function 55 Understanding selector syntax 56 Understanding jQuery methods 56 Understanding jQuery event handling 57 Working with the CSOM 58 Understanding client object model fundamentals 58 Working with the managed client object model 61 Working with the JavaScript client object model 69 Working with the REST API 77 Understanding REST fundamentals 77 Working with the REST API in JavaScript 81 Working with the REST API in C# 87 Conclusion 93 Chapter SharePoint app security 95 Reviewing the concepts of authentication and authorization 95 Understanding SharePoint 2013 authentication 96 Understanding user authentication in SharePoint 2013 96 Understanding how SharePoint 2013 authenticates apps 98 Understanding app authentication flow in SharePoint 2013 103 Managing app permissions 104 Understanding app permission policies 105 Reviewing how SharePoint manages user permissions 106 Requesting and granting app permissions 107 Requesting app-only permissions 110 Establishing app identity by using OAuth 111 Understanding app principals 113 Developing with OAuth 118 vi Contents www.it-ebooks.info Establishing app identity by using S2S trusts 128 Architecture of an S2S trust 129 Configuring an S2S trust 131 Developing provider-hosted apps by using S2S trusts 134 Conclusion 136 Chapter Developing SharePoint apps 137 Understanding app patterns 137 Building MVVM apps .137 Building MVC apps 146 Using the chrome control 153 Calling across domains 156 Using the cross-domain library 156 Using the web proxy 159 Going beyond the basics 160 Using remote event receivers 161 Using the search REST API 164 Using app-level External Content Types 166 Using the social feed 168 Conclusion 171 Index 173 What you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you To participate in a brief online survey, please visit: microsoft.com/learning/booksurvey vii www.it-ebooks.info www.it-ebooks.info Controllers, in MVC4 project Controllers, in MVC4 project,  150–152 C# programming language accessing portion of core SharePoint functionality from,  58 challenges of web forms pattern,  146–148 developing apps using MVC4 framework, ​ 148–152 using against social feed,  170 working with REST in,  87–93 Create App Catalog page,  36–37 createItem function,  75 Create, Read, Update, and Delete (CRUD) operations in REST,  77, 83–87 using JavaScript CSOM,  73–77 with C# against REST API,  88–93 creating items using C# against REST API,  89–90 using REST operation,  84 creating lists, through managed CSOM,  65–66 cross-domain calls,  156–160 cross-domain library,  100–101, 156–157 cross-platform development model,  ix Cross-site Scripting (XSS),  100, 156 CRUD (Create, Read, Update, and Delete) operations in REST,  77, 83–87 using JavaScript CSOM,  73–77 with C# against REST API,  88–93 CSOM (Client-Side Object Model) about,  45, 58–59 app authentication using,  98, 99–100, 103–104 calls executed by using cross-domain library,  101 challenges of web forms pattern,  146–148 developing apps using MVC4 framework, ​ 148–152 JavaScript about,  69–71 CRUD operations using,  73–77 returning collections,  70–71, 71–73 managed about,  61, 61–62 creating lists using,  65–66 handling errors,  62–65 returning list items,  66–67 update operations,  67 working with document,  67–68 RESTful endpoints in APIs through,  78 retrieving ClientContext,  162 using against social feed,  168–170 CSS (Cascading Style Sheets), selector syntax and,  56 element editing XML within,  25 structuring,  25–27 custom code inside sandboxed solution,  running,  8–9 running in hosting farm,  running in SharePoint environment,  customer-by-customer basis, isolating data on,  12–13 custom libraries, creating,  51–54 D dacpac files,  34 dashboard seller account, creating,  34 data-bind attribute binding method from ViewModel to HTML elements,  140 of HTML retrieving collection of list items, ​ 141–142 Data Tier Application package,  33 debugging app event handlers,  43 of SharePoint app project and,  17 declarative bindings,  139–140 default tenancy creating by Site Subscriptions Settings Service,  in on-premises farms,  $Deferred method,  144 deferred pattern,  144 DeleteObject method,  67, 76–77 DELETE operations,  92–93 deleting items in JavaScript CSOM,  76–77 items in URIs,  87 items using C# against REST API,  92–93 objects with managed CSOM,  67 Deployment menu command,  38–39 dialog box, displaying page referenced by UI custom action as,  27 distributing apps installing apps after being published,  37–39 installing apps at tenancy scope,  38–39 through publishing apps,  34–38 element,  155–156 DLLs, in app web solution package,  30 document libraries, working with,  67–68 Document Object Model (DOM) jQuery and,  54–55 176  Index www.it-ebooks.info GetContextTokenFromRequest, TokenHelper method jQuery methods manipulating,  56–57 selector syntax referencing,  56 domains, calling across,  156–160 External Content Types (ECT), using app-level, ​ 166–168 External Lists,  166, 168 E F ECB menu item, creating,  25–26 ECT (External Content Types), using app-level, ​ 166–168 encryption asymmetric,  129 symmetric,  114 error scopes in JavaScript, setting up,  71–73 ETags,  86–87, 91–92 event handlers adding,  161–162 debugging,  43 declaring,  161 event handling code,  162–163 event handling, jQuery,  57 event receivers, remote,  161–163 EventType property,  43–44 ExceptionHandlingScope object,  64–65 Exchange Server 2013, creating S2S trusts for,  130 Exchange Server 2013 Preview, information about,  x ExecuteQueryAsync method,  61, 70 ExecuteQuery method,  61, 65 $expand operator, in RESTful operations,  80 external app authentication determining use of,  99 flow of,  117–118 OAuth about developing with,  118–119 acquiring permissions on fly using authorization code,  126–128 app principals in,  113–115 flow of,  117–118 programming TokenHelper class,  119–122 security tokens passed using,  116–118 terms and concepts in,  113 using,  98, 102, 111 working with access tokens,  122–124 working with app-only access tokens, ​ 125–128 using S2S trusts about,  98, 102 developing provider-hosted apps using, ​ 134–135 to establish app identity,  128–135 farm administrator, permissions for creating app catalog site,  35 Farm Creation Wizard, creating instance of App Management Service using,  farms app service applications as requirement for supporting apps in,  5–6 stabilizing,  farm solutions allowing for impersonation,  custom actions available when developing,  25 DLLs with custom NET code in,  30 installation of,  FBA (Forms-based Authentication) security principal and ASP.NET,  95 tokens,  96–97 $filter operator, in RESTful operations,  81 Flash, writing SharePoint-hosted app using,  foreach construct,  140 Forms-based Authentication (FBA),  95 FullControl permissions,  109 full-trust configurations vs high-trust configurations,  129 full-trust model vs app model,  ix full-trust model vs SharePoint app model,  ix functions, JavaScript about,  48 module pattern using,  51–53 self-invoking,  52–53 G GetAccessToken method,  128 GetAccessToken, TokenHelper method,  123–124 GetAppOnlyAccessToken, TokenHelper method,  125 GetAuthorizationUrl, TokenHelper method,  124 GetClientContext WithAuthorizationCode method,  128 GetClientContextWithContextToken, calling,  121 get_contacts method,  140 GetContextTokenFromRequest, TokenHelper method,  120–121 Index  177 www.it-ebooks.info get_current method get_current method,  60 GetFormDigest method,  89 global functions about,  55 DOM manipulations performed from,  56–57 global namespace about,  46 in app project template code,  69 granting app permissions,  107–110 H handling errors in JavaScript CSOM,  71–73 in managed CSOM,  62–65 hash (#) sign, jQuery selector syntax using,  55 help link, defining,  155 high-trust configurations vs full-trust configurations,  129 HomeController, as default MVC4 project template,  150 hosting domain, app web,  19–20 hosting farm, custom code running in,  hosting model, for autohosted apps,  13–14 {HostTitle} token,  154 {HostUrl} token,  28 host web about,  app start page linking back to host web,  21 choosing authentication type for,  99 packaging features of,  31–32 host web authority,  124 HostWebDialog attribute,  27 host web feature,  31 HTML elements, binding ViewModel to,  139–140 HTML tables displaying items in,  85 from calling jQuery ajax method,  139 HTTP DELETE operation,  87 HTTP GET operation,  78, 85, 88 HTTP POST operation,  120 request,  117 HTTP verbs, support for standard,  77 HttpWebRequest object,  88 I icon, defining,  155 IIS (Internet Information Services) enabling SSL on IIS website,  131–132 IIS (Internet Information Services), restarting with SharePoint solutions,  impersonation, allowing for,  Inside Microsoft SharePoint 2013, for advanced topics,  160 installing apps, after being published,  37–39 IntelliSense, managed CSOM supported by,  61 internal app authentication,  98, 100–101 Internet Information Services (IIS), restarting with SharePoint solutions,  InvalidQueryExpressionException error,  63 IRemoteEventService interface,  42, 161 ItemAdded event,  161 ItemAdding event,  161 ItemDeleting event,  161 {ItemID} token,  28 {ItemURL} token,  27, 28 J JavaScript about,  46 accessing portion of core SharePoint functionality from,  58 building apps with MVVM pattern about,  137–138 understanding challenges of,  138–139 using Knockout library,  139–143 closures,  49 component in SharePoint-hosted app,  creating custom libraries,  51–54 cross-domain library in,  100–101 CSOM about,  69–71 CRUD operations using,  73–77 returning collections,  70–71, 71–73 functions about,  48 module pattern using,  51–53 self-invoking,  52–53 making multiple nested asynchronous calls in,  146 namespaces,  46 178  Index www.it-ebooks.info Microsoft SharePoint app development, moving from SharePoint solution development M object notation web tokens,  124 prototypes,  50 strict,  47–48 variables,  46–47 working with REST API in,  81–87 jQuery $.Deferred method,  144 about,  54–55 ajax method,  82–83, 139 event handling,  57 methods about,  56–57 table of,  57 referencing,  55 selector syntax,  56 JSON, OData protocol returning results in,  77 JSON Web Tokens (JWTs),  124 K KeywordQuery class,  164 Keyword Query Language (KQL),  164 Knockout library,  139–143 ko.observableArray type,  142 L libraries contact data,  140 creating custom,  51–54 cross-domain,  100–101, 156–157 CSOM structure for CRUD operations,  74 implementing apps with JavaScript and relationship to,  138–139 Knockout,  139–143 REST structure for CRUD,  83–84 working with document,  67–68 LINQ (Language-Integrated Query),  60–61, 61–62, 88 ListCreationInformation object,  65–66 listdata.svc web service,  77–78 {ListID} token,  28 ListItemCreationInformation object,  65–66 {ListURLDir} token,  28 load method,  70–71 Load method,  60–61, 61–62 loadQuery method,  70–71 LoadQuery method,  60–61, 61–62 Manage App Catalog link,  36–37 “managed” client object model,  58 managed CSOM about,  61 creating lists using,  65–66 handling errors,  62–65 returning collections of items,  61–62 returning list items,  66–67 update operations,  67 working with document,  67–68 Manage permissions,  109 manifest settings,  157 MERGE operations,  86 metadata app manifest,  15–16 BDC Metadata Model file defining ECTs,  167 changing app manifest,  40 needed for Apps for SharePoint document library,  37–38 type,  84–85 methods, jQuery about,  56–57 table of,  57 Microsoft app model vs full-trust model,  ix Microsoft CDN, for jQuery,  55 Microsoft Exchange Server 2013, creating S2S trusts for,  130 Microsoft Exchange Server 2013 Preview, information about,  x Microsoft Office 365 app catalog site in,  35 app principal for cloud-hosted apps in,  113 creating app service applications using,  installing and configuring apps within tenancy of,  market for,  ix SharePoint app model working within,  supporting autohosted apps,  13 supporting OAuth authentication in,  102 tenancy,  112, 114–115, 117, 120 understanding flow of app authentication in,  116–118 Windows Azure ACS and,  112 Microsoft SharePoint app development, moving from SharePoint solution development,  1–2 Index  179 www.it-ebooks.info Microsoft SharePoint app model Microsoft SharePoint app model about,  1–2 architecture about,  app code isolation,  8–9 app hosting models,  8–9 app installation scopes in,  app manifest,  14–17 app user interface entry points,  21–28 app web,  18–20 design goals of,  setting start page URL,  17–19 working with app service applications,  5–6 developing apps for using within private networks,  trapping app lifecycle events,  41–44 upgrading apps using,  39–40 Microsoft SharePoint-hosted apps about,  10 app project template code,  69, 82 configuring element using ~appWebUrl token,  20 creating app web in,  30 creating client web parts in,  23–24 vs cloud-hosted apps,  8–9 Microsoft SharePoint solution development challenges with,  2–4 moving to SharePoint app development,  1–2 solution package files for deployment,  29 Microsoft Silverlight accessing portion of core SharePoint functionality from,  58 writing SharePoint-hosted app using,  Microsoft VBScript, writing SharePoint-hosted app using,  Microsoft Visual Studio 2012 adding web service entry point when changing app events properties,  41–42 app manifest designer in,  16–17 app project template code,  69, 82 creating autohosted app in,  32, 34 debugging phase of SharePoint app project and,  17 implementing app part in,  22 Microsoft Workflow Manager, creating S2S trusts for,  130 module pattern,  51–53 multiple calls, making asynchronous,  143–144 multi-tenancy,  11 MVC (Model-View-Controller) pattern building apps using,  146–148 MVC4 developing apps using,  148–152 using apps in social feed,  168–170 MVVM (Model-View-ViewModel) pattern, building apps using,  137–146 N named _Layout view,  152 name member, accessing,  52–53 namespaces global about,  46 in app project template code,  69 JavaScript,  46 URI,  80 navigation links, defining,  155 nested RESTful calls,  143–144 NET code, in app web solution package,  30 New ASP.NET MVC Project Wizard,  148–149 O OAuth 2.0 protocol,  112, 116–118 OAuth authentication about,  111 about developing with,  118–119 acquiring permissions on fly using authorization code,  126–128 app principals in,  113–115 high-trust configurations vs full-trust configurations,  129 in making REST API call,  123 programming TokenHelper class,  119–122 security tokens passed using,  116–118 terms and concepts in,  113 using,  98, 102 vs S2S trusts,  128 working with access tokens,  122–124 working with app-only access tokens,  125–128 observableArray type, ko,  142 OData (Open Data Protocol) about using with REST,  77 defining ECT against,  166–168 query operators,  80–81 180  Index www.it-ebooks.info querytext parameter Office 365 app catalog site in,  35 app principal for cloud-hosted apps in,  113 app web hosting domain,  20 creating app service applications using,  installing and configuring apps within tenancy of,  7, 38 market for,  ix SharePoint app model working within,  supporting autohosted apps,  13 supporting OAuth authentication in,  102 tenancy,  112, 114–115, 117, 120 understanding flow of app authentication in,  116–118 Windows Azure ACS and,  112 Office Store, publishing apps to,  34–35 onGetUserNameFail function,  70 onGetUserNameSuccess function,  70 on-premises farms autohosted apps and,  13 configuring OAuth support for,  112 creating app catalog site in,  36–37 creating app service applications for,  default tenancy in,  installing and configuring apps using tenancy scope,  Office 365 working within,  supporting external authentication,  102 upgrading to newer versions of SharePoint,  using S2S authorization by establishing trust with provider-hosted apps,  102 Open Data Protocol (OData),  77 defining ECT against,  166–168 query operators,  80–81 $order operator, in RESTful operations,  80 P packaging apps,  29–34 Page_Load event,  87–88 paging items, in RESTful operations,  81 PATCH method,  91–92 PATCH operations,  86 PeopleManager class,  170–171 permission grants,  157 permission requests,  107 permissions acquiring on fly using authorization code, ​ 126–128 managing app,  104–111 permission types,  110 postMessage API,  156 POST operations,  89–90 PowerShell creating app catalog site in,  35 creating instance of Site Subscriptions Settings Service using,  PowerShell script creating x.509 certificates with public/private key pair,  131–132 registering trusted security-token issuer,  132 ProcessEvent method,  43–44, 162 ProcessOneWayEvent method,  42, 162 promise pattern,  143–146 element,  41–42 PropertyOrFieldNotInitializedException error,  62 prototype pattern,  53–54 prototypes,  50 provider-hosted apps.  See also app hosting models about,  10 creating app web in,  30 debugging,  17 installed in SharePoint tenancy,  10–11 installing,  11 ongoing maintenance of,  11 Publish command with,  18 setting start page URL for,  17 using chrome control,  153 using S2S authorization by establishing trust with on-premises farms,  102 using S2S trusts for developing,  134–135 provider-hosted apps, using app events in,  41 public/private key pair creating x.509 certificates with,  131–132 S2S trusts based on,  129 Publish command, with autohosted apps,  18 publishing apps about,  34 displaying,  37 to app catalog site,  35 to Office Store,  34–35 PUT operations,  86 Q query parameters, for REST API,  164 querystring parameter,  170 querytext parameter,  164 Index  181 www.it-ebooks.info rapid application development, web forms supporting R rapid application development, web forms supporting,  148 readAll function,  75–76 ReadAll method,  90–91 ReadAndValidateContextToken, TokenHelper method,  121 reading and writing to social feed,  168–170 reading items across domains,  158 in CRUD operations,  75–76 using C# against REST API,  90–91 using RESTful URI,  85 Read permissions,  109 ready event handler,  74 of document,  58, 155 redirect URL,  114 refresh tokens,  116, 122 Register-AppPrincipal, registering app principal for S2S Trust,  133 ~remoteAppUrl token,  17 remote event receivers,  161–163 remote web about,  chrome control and,  153 Office 365 environment deploying,  13 provider-hosted apps deployed on,  11 triggering execution of code in,  42 using C# against REST API from,  89 using techniques in code behind a start page in,  21 element,  118–119 removeItem function,  76–77 render method,  155 replying to post, in social feed,  171 requesting and granting app permissions,  107–110 RESTful (REST-based solutions) endpoints in APIs through CSOM,  78 making multiple asynchronous calls,  143–144 operators,  80–81 performing CRUD in,  77 search REST endpoints,  164 URIs as entry point for,  79 viewing URIs,  78 RESTful URIs about using,  77 creating,  82–83 creating app web in,  82–83 creating items using,  84 entry point for REST using,  79 instantiating and initializing SP.WebRequestInfo object with,  159 reading items using,  85 updating items using,  86 viewing REST operations using,  78 REST (Representational State Transfer) API about,  45, 77–81 app authentication using,  98, 103–104 architecture of,  78 calls executed by using cross-domain library,  101 class structure for encapsulating CRUD operations against,  88–89 query parameters for,  164 social feed interfaces,  168–170 using OAuth authentication in making call,  123 using search,  164–166 utilizing promise pattern,  143–146 working in C# with,  87–93 working in JavaScript with,  81–87 returning collections of items,  61–62 with JavaScript,  70–71 returning list items, using CAML for,  66–67 ribbon, defining button on,  25 Right attribute,  109 rowlimit parameter,  165 rowsperpage parameter,  165 S S2S trusts about,  98, 102 developing provider-hosted apps using,  134–135 to establish app identity,  128–135 SAML token about,  96–97 in SharePoint host environment app authentication,  103–104, 130 SharePoint host environment seeing,  98–99 sandboxed solutions DLLs with custom NET code in,  30 issues with,  2–3 Scope attribute,  108–109 script tags,  55 search REST API, using,  164–166 Secure Sockets Layer (SSL),  114 182  Index www.it-ebooks.info SHAREPOINT\SYSTEM account, impersonating Security Assertion Markup Language (SAML).  See also SAML token about,  96–97 security principal about,  95 configuring OAuth authentication to register,  102 FBA role as,  95 security problems, with SharePoint solutions,  security tokens, passed using OAuth,  116 {SelectedItemId} token,  28 {SelectedListId} token,  28 selecting items, in RESTful operations,  81 $select operator, in RESTful operations,  80 selector syntax, jQuery, using $ sign,  56 selectproperties parameter,  165 self-invoking function about,  52–53 for CRUD operations,  74 seller dashboard,  35 ServerErrorCode properties,  65 ServerErrorValue properties,  65 ServerException error,  63–64 ServerRelativeUrl properties, requesting,  61 server-side code constraints for app web solution package,  30 running on external website,  8–9 writing SharePoint-hosted app using,  server-side object model, SharePoint PowerShell script using SPAppPrincipalManager class in,  133–134 ServerStackTrace properties,  65 Server-to-server (S2S) authentication,  102 SHAREPOINT\APP account,  126 SharePoint app development, moving from SharePoint solution development,  1–2 SharePoint app model about,  1–2 architecture about,  app code isolation,  8–9 app hosting models,  8–9 app installation scopes in,  app manifest,  14–17 app user interface entry points,  21–28 app web,  18–20 design goals of,  setting start page URL,  17–19 working with app service applications,  5–6 developing apps for using within private networks,  trapping app lifecycle events,  41–44 upgrading apps using,  39–40 vs full-trust model,  ix SharePoint app project adding new client web part to,  22 debugging phase of,  17 property sheet for,  41 SharePoint farms app service applications as requirement for supporting apps in,  5–6 authenticating users by using external identity providers,  97, 130 configuring S2S trusts within,  130 stabilizing,  SharePoint Foundation platform, defining of types of permissions in,  109 SharePoint-hosted apps.  See also app hosting models about,  10 app project template code,  69, 82, 87–88 configuring element using ~appWebUrl token,  20 creating app web in,  30 creating client web parts in,  23–24 ready event in,  58 using internal authentication,  100–101 vs cloud-hosted apps,  8–9 SharePoint host environment about use of term,  app authentication in,  98–99, 103–104, 130 needing to trigger execution of code in remote web,  42 prompting user for premission requests,  107 serving up pages in from app web,  20 {StandardTokens} token in,  18–19 Windows Azure ACS and,  112 SharePoint PowerShell script, registering trusted security-token issuer,  132 sharePointReady function,  82–83 SharePoint Server 2013 Virtual Machine Setup Guide (Critical Path Training), free download for building app environment for private networks,  SharePoint solution development challenges with,  2–4 moving to SharePoint app development,  1–2 solution package files for deployment,  29 SharePoint solution projects, custom actions in,  25 SHAREPOINT\SYSTEM account, impersonating,  Index  183 www.it-ebooks.info SharePoint tenancy SharePoint tenancy Office 365 creating new,  provider-hosted app installed in,  10–11 Silverlight accessing portion of core SharePoint functionality from,  58 writing SharePoint-hosted app using,  Simple Object Access Protocol (SOAP),  77 singleton pattern,  51 Site Content page,  38 site scope, installing SharePoint apps at,  Site Subscriptions Settings Service creating instance of,  in SharePoint farm supporting apps,  5–6 {SiteUrl} token,  28 $skip operators, in RESTful operations,  81 SOAP (Simple Object Access Protocol),  77 social feed,  168–171 SocialFeedManager class,  170 SocialFeedType,  170–171 sorting items, in RESTful operations,  81 sortlist parameter,  165 {Source} token,  28 sourceid parameter,  165 SPAppPrincipalManager class,  133–134 SPAppWebUrl parameter,  60, 154 SP.ClientContext class,  60 SP.Data.ContactsListItem,  84–85 SPHostTitle parameter,  154 SPHostUrl parameter,  18, 21, 154 SPLangauge parameter,  18, 154 SP.ListItemCreationInformation object,  75 SPRemoteEventResult class,  42 SP.RequestExecutor object,  156, 158 SPSecurity.RunWithElevatedPrivileges, calling,  SP.WebRequestInfo object,  159 SQL Azure databases autohosted app associated with,  33 creating on demand,  13 SQL Package property,  34 SSL (Secure Sockets Layer),  114, 131–132 {StandardTokens} token,  18–19, 21, 154 standard web parts vs app parts,  22 start page app start page linking back to host web,  21 URL setting of,  17–19 element configuring URL within,  17 creating URL for,  18 in MVC4 project,  150, 152 startrow parameter,  165 static class, structure of,  89 strict JavaScript,  47–48 symmetric encryption,  114 T tenancies concept of,  managing,  tenancy scope installing apps at,  38–39 installing SharePoint app at,  tenant administrator,  title, defining,  155 Title property,  61, 88 title string,  114 TokenHelper class,  119–122, 128, 130, 135, 162 $top, in RESTful operations,  81 TrustAllCertificates, calling,  136 trusted security token issuer,  130 type metadata,  84–85 typeof operator values,  47 U UI custom actions about,  25 as entry point of app user interface,  21 building,  24–25 feature hosting,  32 item templates for adding,  23 tokens that can be used in,  28 Uniform Resource Identifiers (URI),  77 updateItem function,  76 Update method,  67 updating operations in JavaScript CSOM,  76 through managed CSOM,  67 using C# against REST API,  91–92 using RESTful URI,  86–87 upgrading apps,  39–40 upgrading code, to newer version of SharePoint solution,  URIs (Uniform Resource Identifiers) deleting operation using,  87 namespace,  80 object,  80 184  Index www.it-ebooks.info Windows PowerShell RESTful about using,  77 creating,  82–83 creating app web in,  82–83 creating items using,  84 entry point for REST using,  79 instantiating and initializing SP.WebRequestInfo object with,  159 reading items using,  85 updating items using,  86–87 viewing REST operations using,  78 using HttpWebRequest object for invoking,  88 value of Scope attribute,  108–109 URL code required to generate permission request by using authorization,  127 parts of app web,  20–21 redirect,  114 specifying OData source,  167 start page setting,  17–19 element, configuring,  27 element,  161 user authentication in web applications,  97, 99 managing permissions,  106–107 "use strict" statement,  47–48 using statement,  61 V variables about,  46–47 populating,  70 var keyword,  46–47 VBScript, writing SharePoint-hosted app using,  ViewBag object,  151 ViewModel component JavaScript binding,  137–138 Knockout library allowing JavaScript to create,  139–143 Views, adding for Controller,  152 Visual Studio 2012 adding new project item for client web part,  22 adding web service entry point when changing app events properties,  41–42 app manifest designer in,  16–17 app project template code,  69, 82 creating autohosted app in,  32, 34 debugging phase of SharePoint app project and,  17 implementing app part in,  22 W WCF (Windows Communication Foundation),  58 web applications avoid creating classic-mode,  97 configuring user in,  97 web.config files requirements when developing apps for use in Office 365 as,  118–119 updating,  135 web.config files, managing assembly redirection entries across,  web deploy package, building for autohosted app,  32 web forms, challenges of,  146–148 webpages binding server side SharePoint data sources to app,  139–143 binding ViewModel to,  140 implementing apps with JavaScript and relationship to,  138–139 Web Project property, setting,  149 web proxy,  159–160 web-scoped features, host web feature,  31 webServerRelativeUrl property,  82–83 web service entry point, adding,  41–42 websites, writing server-side code executing at external,  web tokens, JavaScript object notation,  124 Windows Azure Office 365 environment integrating with,  13 packaging format for environment in,  32 Windows Azure ACS about,  112 creating access tokens,  122 creating context tokens,  116–118 keeping configuration data for app principals in sync,  113 OAuth authentication and,  102, 121, 122 Windows Azure Catalog Apps, publishing,  35 Windows Communication Foundation (WCF),  58 Windows PowerShell creating app catalog site in,  35 creating instance of Site Subscriptions Settings Service using,  Index  185 www.it-ebooks.info Windows PowerShell script, creating x.509 certificates with public/private key pair Windows PowerShell script, creating x.509 certificates with public/private key pair,  131–132 Workflow Manager, creating S2S trusts for,  130 Write permissions,  109 writing and reading to social feed,  168–170 wsp files,  29 X x.509 certificates,  102, 131–132 X-Frame-Options header,  23–24 XML code definition for client web part in SharePointhosted app project,  22 editing within element,  25 within element,  22 XML files app manifest,  14–15 defining client web parts and UI custom actions in packaging of,  32 XSS (Cross-site Scripting),  100, 156 186  Index www.it-ebooks.info About the Authors SCOT HILLIE R is an independent consultant and Microsoft SharePoint Most Valuable Professional, focused on creating solutions for Information Workers with SharePoint, Microsoft Office, and related Microsoft NET technologies He is the author/coauthor of 15 books and DVDs on Microsoft technologies, including Inside Microsoft SharePoint 2010 Scot splits his time between consulting on SharePoint projects, speaking at SharePoint events such as Tech Ed, and delivering training for SharePoint Developers Scot is a former United States Navy submarine officer and graduate of the Virginia Military Institute He can be reached at scot@shillier.com TE D PAT TISON is an author, instructor and owner of Critical Path Training (www.CriticalPathTraining.com), a company dedicated to education on SharePoint technologies Ted has worked with Microsoft’s Developer Platform Evangelism group and the SharePoint Product team to research and author SharePoint developer training material early in the alpha phase of the product lifecycle for SharePoint 2007, SharePoint 2010, and SharePoint 2013 He is also the coauthor of Inside Microsoft SharePoint 2010 www.it-ebooks.info What you think of this book? We want to hear from you! To participate in a brief online survey, please visit: microsoft.com/learning/booksurvey Tell us how well this book meets your needs—what works effectively, and what we can better Your feedback will help us continually improve our books and learning resources for you Thank you in advance for your input! www.it-ebooks.info Critical Path Training is your fastest way up the SharePoint 2010 learning curve Listen to what our customers have to say: “ [The Great SharePoint Adventure] was the best course I‘ve ever taken Ted [Pattison] did an excellent job of presenting the information, and the demos were extremely useful John, British Columbia Andrew [Connell] is a rock star Easily the best instructor I‘ve had for a technical training class He knows SharePoint, keeps it entertaining, and doesn‘t forget how it's done in the real world Top notch Tim, Michigan Maurice Prather is the best Microsoft trainer I have ever had at any conference, seminar, or paid training Tim, Dallas Asif [Rehmani] is a wonderful instructor He paced the class well and used lots of real world examples to apply the materials I also appreciated him suggesting outside vendors for sharepoint products; it‘s nice to hear from the people who really know these vendors! Heidi, Florida Matt McDermott was as entertaining as he was educational Phenomenal instructor Timing of the course was perfect and was a good pace all week Plenty of time for labs I would recommend this course to all SharePoint IT Professionals Daniel, Florida ” Get training directly from the instructors who wrote this book Critical Path Training offers hands­on training, online training, private onsite classes and courseware licensing Ted Pattison Andrew Connell www.CriticalPathTraining.com Scot Hillier Maurice Prather Asif Rehmani www.it-ebooks.info Matt McDermott David Mann John Holliday @criticalpath www.it-ebooks.info ... SharePoint apps in sites throughout the farm 6  Microsoft SharePoint 2013 App Development www.it-ebooks.info Building an environment for SharePoint app development If you plan on developing SharePoint. .. the new SharePoint app model The move from SharePoint solutions development to SharePoint app development represents a significant change in development technique and perspective However, Microsoft. .. Working with app service applications SharePoint 2013 relies on two service applications to manage the environment that supports SharePoint apps The first service application is the App Management