pushing the boundaries - a deep-dive into real-world sharepoint add-in and app development.pptx
TRANSCRIPT
About Me
@eshupps sharepointcowboywww.sharepointcowboy.-com
slideshare.net/eshupps linkedin.com/in/eshupps
Eric ShuppsSharePoint Server MVP
SharePoint Hosted
What Works What Doesn’t
JSOM & REST
Auto Deployment
Inherited Context
Declarative Artifacts
REST
CSOM
Compiled Code
Event Receivers
Iterative Deployment
Forms Authentication
Provider Hosted
What Works What Doesn’t
CSOM, REST & O365 API’sIterative Deployment
Forms Authentication
Compiled Code
Event Receivers
JSOM
Inherited Context
Auto Deployment
RequestDigest
Client Secret Expiration
Declarative Artifacts
Mobile
What Works What Doesn’t
REST & O365 API’s
IOS & Android
Native Code
Azure AD SSO
JSOM
Inherited Context
Declarative Artifacts
Deep Integration
CSOM
Managed
Typed
Coverage
Samples
Server Side
Synchronous
Authorization
.NET Only
Compiled
The Good
The Bad
The Ugly
JSOM
Authorization
Context
Client-side
Asynchronous
Coverage
Samples
Dependencies
Cross Domain
SP Hosted Only
Debugging
The Good
The Bad
The Ugly
REST
Cross Platform
Client-side
ODATA
Asynchronous
Authorization
Samples
Coverage
Cross Domain
Syntax
Performance
Throttling
The Good
The Bad
The Ugly
Office 365
Client-side
Cross Platform
Unification
Asynchronous
O365 Only
Samples
Authorization
Cross Domain
Coverage
Performance
Throttling
The Good
The Bad
The Ugly
PermissionsAuthorizationAuthentication
On-Premise
NTLM
Forms
SSO
High Trust
Low Trust
Anonymous
User
App
Groups
PermissionsAuthorizationAuthentication
Office 365
Azure AD
NTLM
SSO
Low Trust
High Trust
Anonymous
User
App
Groups
PermissionsAuthorizationAuthentication
Azure
Azure AD
SSO
NTLM
Low Trust
High Trust
Anonymous
User
App
Groups
App Web
• Not primary user context
• Declarative artifacts or code
• Iterative deployments destroy content
• Only provisioned via SPHA or PHA with declarative artifacts
Host Web
• Code only – no declarative artifacts
• Requires Cross Domain calls
• Injection remnants difficult to remove
Scopes
• On-Premise• Modify and manipulate – do not
replace
Master Pages
•PHA: External (CDN)•SPHA: External or App Web
Dependencies
• On-Premise: Declarative or Programmatic
• Online: ProgrammaticAssets
•Do not rely upon remote event receivers•Beware the dangers of injection
Retraction
Branding
Data Sources
• Lists• Managed
Metadata• Search• BCS• External
Components
• Master Pages• Client Web
Parts• Scripts
Navigation
Sites
What Works What Doesn’t
Programmatic ProvisioningCSOM, JSOM & REST
App Deployment
Core Templates
Site/Web Templates
Stapling
STP Files
Sandbox Solutions
Features
App Authorization
On-Premise
• Apps• SSL• DNS• [PHA] Server to Server (S2S) High Trust or Hybrid Low
Trust
Configuration
• [SHA] None• [PHA] Servers, Networking, Authentication, Admin Access
Resources
•Corporate Catalog•Developer Site•Store
Distribution
Office 365
• Apps
Configuration
• [SHA] None• [PHA] Servers, Networking, Authentication, Admin
Access
Resources
• Corporate Catalog• Developer Site• Store
Distribution
Azure
• AD Apps• SSL• DNS• SSO• Permissions
Configuration
•Servers, Networking, Authentication, Admin Access•Azure AD Premium*
Resources
• Admin assignment
Distribution