Wednesday, January 30, 2013

SharePoint 2013 Provider Hosted App referencing\loading ASP.Net web application deployed to another server\machine not part of 2013 farm using server to server (S2S) trust

Scenario: In this post I explain how to load an ASP.NET web application deployed to a remote server (one that is not part of the SharePoint farm) into a SharePoint provider-hosted app using server-to-server (S2S) trust. The provider-hosted app is deployed to the SharePoint 2013 farm.
The remote web application will have all the UI and business logic.
Prerequisites:
1. You need to have SharePoint 2013 farm up and running.
2. Ensure that App Management service and User profile service applications are started.
3. Visual Studio 2012 installed on the remote server and on the SharePoint dev environment.
4. Install the Visual Studio app templates on your SharePoint 2013 dev environment. You can download the app dev templates from here under “Tools”:
5. Create an SSL-enabled web application in the SharePoint 2013 farm; this is the site you will deploy your provider-hosted app to.
Walkthrough:
Log on to the SharePoint 2013 machine and do the following:
1. Create a self-signed certificate in IIS as shown in the screenshot below; name it, say, ‘test’, and click “OK”.
2. Right-click the newly created certificate ‘test’ in IIS and select “Export”; the “Export Certificate” wizard will open as shown in the screenshot below.
     Here provide a path to save to on disk, type the password and click OK. The certificate will be stored with a .pfx extension in that location.
 
3.  Within IIS double click on “test” certificate, the “Certificate” wizard will open as shown in below screen shot.
 
Go to “Details” tab and click on “Copy to File”. Click on “Next” thrice with default values selected. As shown in below screen shot.
 
Here browse to the location where you want to save this certificate and give it a name test.cer and click “save”. Click “Next” and click “finish”.
 
4. Now copy the “test.cer” created in step 3, to remote VM\machine where you want to host the Remote webapplication containing the UI and business logic for the SharePoint app.
 
5. On your SharePoint dev environment open Visual Studio 2012 as administrator, click File → New Project and under “Other Project types” select “Visual Studio Solutions”, give the project a name, say “test”, and click “OK”. Now right-click the solution “test” in Solution Explorer, go to Add → New Project, under “Office/SharePoint” click “Apps” and select the “App for SharePoint 2013” template, give it a name, say “test1”, and click “OK”. The “New App for SharePoint” wizard will open as shown in the screenshot below.
 
Fill the other details as shown in the above screen shot and click “Next”. The “Configure authentication settings” wizard will open as shown in below screen shot
Here select the “Use a certificate” option and, in “Certificate location”, select the path where you stored the “test.pfx” file in step 2. Type the password you gave previously. For the “Issuer ID”, generate a GUID from Visual Studio, convert it to lower case and paste it. Make a note of the “Issuer ID” GUID; you need it later. Click “Finish”.
        Note: the “Issuer ID” GUID must be all lower case; if it is not, make it lower case.
6. Now go to “AppManifest.xml” and replace the “ClientId” value “*” with the “Issuer ID” GUID from step 5.
7. Update the “StartPage” value in “AppManifest.xml” with the landing page of the web application hosted on the remote web server. It should look similar to below
Where “11.200.217.176” is the IP address of the remote webserver/machine where the remote web application is installed. 
 
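8. Open the SharePoint 2013 Management Shell and execute the cmdlets below
# Path to the certificate and the lower-case Issuer ID GUID from step 5
$publicCertPath = "<cert path>"
$appId = "<Issuer ID/Client ID>"

# Site the app will be installed to, and the authentication realm of its farm
$spurl ="https://mycompany.com/"
$spweb = Get-SPWeb $spurl
$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site

# Load the certificate and build the issuer name in the form <Issuer ID>@<realm>
$certificate = Get-PfxCertificate $publicCertPath
$fullAppIdentifier = $appId + '@' + $realm

# Register the certificate as a trusted security token issuer
New-SPTrustedSecurityTokenIssuer -Name "Test1" -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier

# Register the app principal and grant it FullControl on the site
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName "Test1"
Set-SPAppPrincipalPermission -Site $spweb -AppPrincipal $appPrincipal -Scope Site -Right FullControl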
 
Where "<cert path>" is the path where you have stored the certificates in step 2. "<Issuer ID/Client ID>" is the lower case GUID created in step 5. “$spurl” is the site you want to install/debug your app to. Press “enter” in O15 Management shell.
 
9. Go to IIS Manager, expand sites. Right click on the SSL enabled web application you created as part of pre-requisite and click on “Edit Bindings”. Here create a new “https” binding, select port 443 and select “test” for SSL certificate as shown in below screen shot and click “Ok”.

10. Now in Visual studio 2012 press Ctrl+F5 to deploy the app to SharePoint site. On successful deployment, when you click on the app the “remote web application” landing page will be loaded.
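A check that can be run after step 8 to confirm the trust was registered as intended. This is an added example, not part of the original post: Test-S2STrust is a hypothetical function name, the three argument values are the post's own placeholders, and it assumes the SharePoint 2013 Management Shell.

```powershell
# Added example: verifies the registration made by the cmdlets in step 8.
# Test-S2STrust is a hypothetical helper name, not a SharePoint cmdlet.
function Test-S2STrust {
    param(
        [string]$PublicCertPath,   # certificate file used in step 8
        [string]$AppId,            # Issuer ID / Client ID from step 5
        [string]$SpUrl             # site the app is deployed to
    )

    # The Issuer ID must be a GUID and must be all lower case (-cne is case-sensitive).
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($AppId, [ref]$guid)) { throw "Issuer ID is not a GUID: $AppId" }
    if ($AppId -cne $AppId.ToLowerInvariant())     { throw "Issuer ID is not lower case: $AppId" }

    $spweb = Get-SPWeb $SpUrl
    try {
        $realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
        $fullAppIdentifier = $AppId + '@' + $realm

        # Case-sensitive match against the value passed to -RegisteredIssuerName.
        $issuer = Get-SPTrustedSecurityTokenIssuer |
            Where-Object { $_.RegisteredIssuerName -ceq $fullAppIdentifier } |
            Select-Object -First 1
        if (-not $issuer) { throw "No trusted token issuer registered as $fullAppIdentifier" }

        $fileCert  = Get-PfxCertificate $PublicCertPath
        $principal = Get-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -ErrorAction SilentlyContinue
        $sts       = Get-SPSecurityTokenServiceConfig

        # One summary object: every value should look as commented.
        [pscustomobject]@{
            Issuer            = $issuer.Name
            RegisteredName    = $issuer.RegisteredIssuerName
            ThumbprintMatches = ($issuer.SigningCertificate.Thumbprint -eq $fileCert.Thumbprint)  # expect True
            CertExpires       = $issuer.SigningCertificate.NotAfter
            CertExpired       = ($issuer.SigningCertificate.NotAfter -lt (Get-Date))              # expect False
            AppPrincipalFound = [bool]$principal                                                  # expect True
            OAuthOverHttp     = $sts.AllowOAuthOverHttp   # False keeps OAuth tokens on HTTPS
        }
    }
    finally { $spweb.Dispose() }
}

Test-S2STrust -PublicCertPath "<cert path>" -AppId "<Issuer ID/Client ID>" -SpUrl "https://mycompany.com/"
```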
 
Deploying or Installing Webapplication on remote web server.
 
The webapplication on remote webserver can be developed using any technology, but here I am using .net and IIS web server.
 
1. Log on to the remote web server.
 
2. Open Visual Studio 2010 as administrator and create a new project with “ASP.Net Web Forms Application”; name it, say, “test”.
 
3. In Solution Explorer go to the “default.aspx” page, find the <asp:Content> tag with ID=”BodyContent”, clear all the code inside this <asp:Content> and place a button with an “onClick” event. Go to the button's code view and in its click event, type some text like “Hello from remote web app”.
 
4. Build the solution.
 
5. After a successful build, in Solution Explorer select the “test” project, right-click and select “Publish” and publish it to IIS. The detailed steps on how to publish the web application to IIS using Visual Studio can be found here:-
Alternatively, you can use Web Platform Installer 4.0 and the Web Deploy component to publish the web application to IIS.
 
6. Open IIS Manager on the remote web server; go to the site to which you published the web application in step 5. Click on “Bindings” under “Actions” and add an “https” binding with port 443 and select the “test.cer” certificate (the test.cer certificate must be copied from the SharePoint 2013 farm and must be imported into IIS to be used on the remote web server).
 
The above demonstration is from developer’s point of view, which can be easily extended to production environments.

Tuesday, January 29, 2013

SharePoint2013: How to add an app from App Catalog to a site

Scenario: How to add an app to a site from App Catalog.

Solution: On the site collection click on "Site Contents", then click on "add an app". Then from the "Quick launch navigation" on the left click on "From Your Organization" as shown in the screenshot below:
 
If you have uploaded the app to your Organization's app catalog, you should see it now. You then just click on your app to add it on to your site.

Saturday, January 26, 2013

SharePoint 2013 Provider hosted high trust app server returned an error: (401) Unauthorized or 403 forbidden

Scenario: While deploying a provider-hosted high-trust app to an HTTP site on port 80 (not HTTPS), I got 401 and 403 Forbidden errors.

Solution: If you get this error ensure below steps:-

1. There is no user profile created for the user the app is acting on behalf of. Ensure that you have created a user profile for the user accessing the remote app.

2. Your app certificate was not added to the trusted certificate store.

3. Your .NET web application is accepting anonymous requests. This means there is not a real user identity in the access token. Ensure that the root directory of your remote web app has anonymous access disabled in IIS.

If none of the above worked for you then run below command in "SharePoint 2013 Management Shell":-
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()

The above command turns off the HTTPS requirement for OAuth, so OAuth tokens can then be sent over plain HTTP.

SharePoint 2013 "Error occurred in deployment step 'Install app for SharePoint': The System Account cannot perform this action"

Scenario: When I was trying to deploy an APP to SharePoint 2013 farm I got below error message
"Error occurred in deployment step 'Install app for SharePoint': The System Account cannot perform this action".

Solution: One approach that I would suggest to get rid of the above error is to have two accounts:-
1. Have a system account, this account should be added to Administrators group of the SharePoint machine/VM
2. While creating the SharePoint2013 farm (i.e while joining to a new farm) use a different account, other than system account used in step1

So basically when you login to your SharePoint VM/machine you login with account in step 1. But, the farm admin and all of your application pools must be running on account created in step2.

Note: If you try to change the app pool account from IIS Manager to a different account after the farm has been created it may not work; at least it didn't work for me.

One way to check this setting has worked for you, is by looking at the "WelcomeMenu" on top right of the SharePoint site, it should show you the account in step1. It should not display "System Account" on welcome menu.

Thursday, January 3, 2013

SharePoint implementing Application pages security using object model code

Scenario: Restricting Application page content to be viewed only by logged in user(s) who have full control
Solution:
// Requires: using Microsoft.SharePoint;
SPWeb myWeb = SPContext.Current.Web;
// Get the permission levels of the logged-in user
SPRoleDefinitionBindingCollection userPermissions = myWeb.AllRolesForCurrentUser;
// Get all the permission levels defined on the current web
SPRoleDefinitionCollection sitePermissionCollection = myWeb.RoleDefinitions;
SPRoleDefinition roleDef = sitePermissionCollection["Full Control"];
if (userPermissions.Contains(roleDef))
{
    // Show content only to users who have Full Control
}

Delete\Remove custom Site Columns using SharePoint object model

Scenario: Delete\Remove Site Columns using SharePoint Object model code

Solution:  Add a feature receiver and in FeatureUninstalling write below code
SPWeb myWeb = properties.Feature.Parent as SPWeb;
// The string indexer of Fields looks up by display name, so pass the ID as a Guid
myWeb.Fields[new Guid("{GUID of Site column to delete}")].Delete();

SharePoint2013 Enable Licensing and office webapps editing for all SAML custom claims provider users

Scenario: How to enable licensing\ Office webapps edit for all SAML custom claims provider users

Solution: In the SharePoint 2013 Management Shell execute the commands below
1)
# Claim that covers all users of the custom claims provider
$allCustomProviderUsers = New-SPClaimsPrincipal -EncodedClaim "c:0!.s|trusted%3aCustomClaimsProvidername"

# Map the "Enterprise" license to that claim on every web application, then turn licensing on
Get-SPWebApplication | select Url | %{New-SPUserLicenseMapping -Claim $allCustomProviderUsers -License "Enterprise" -WebApplication $_.Url | Add-SPUserLicenseMapping}
Enable-SPUserLicensing

2)
$allCustomProvideraccount = New-SPClaimsPrincipal -EncodedClaim "c:0!.s|trusted%3aCustomClaimsProvidername"

# Map the "OfficeWebAppsEdit" license to the same claim on every web application
Get-SPWebApplication | select Url | %{ New-SPUserLicenseMapping -Claim $allCustomProvideraccount -License "OfficeWebAppsEdit" -WebApplication $_.Url | Add-SPUserLicenseMapping}

 Replace "CustomClaimsProvidername" with your custom claims provider name in your environment.