Thursday, March 21, 2013

SharePoint2013: ProviderHosted app, You can't add this app here: sorry apps are turned off

Scenario: When I tried to add a ProviderHosted app with ACS trust to a SharePoint site from the app catalog, the app itself was disabled with the message "You can't add this app here". Clicking on "find out why" displayed the message "sorry, apps are turned off. if you know who runs the server, tell them to enable apps".

Solution: When we see this message with SharePoint-hosted apps, the resolution is to check that the app domain has been created, that both the App Management and Subscription Settings services have been created and started, that app URLs have been configured from Central Admin, and that app routing is enabled, either by creating an additional binding on the web app or by creating an additional web app for app routing.

But most of the above settings are not required for ProviderHosted apps: the App Domain is not required, and you need not "Configure App URLs" from CA. Then what might be the issue with ProviderHosted apps? So far I have uncovered two reasons why we encounter the error message "sorry, apps are turned off. if you know who runs the server, tell them to enable apps". They are as follows:

1. For provider-hosted apps to run with ACS as the trust broker, we need to replace the default SharePoint STS cert with a self-signed cert or a publicly owned cert, and this cert has to be uploaded to the Azure/Office 365 tenancy. In my case the error message was showing up because the cert had not been uploaded to the Azure/Office 365 tenancy.

2. Another reason might be that your STS cert has expired, in which case you might have to get a new cert or renew the existing cert and register the new cert with Azure/Office 365.

Wednesday, March 20, 2013

SharePoint2013: Debugging Provider Hosted Apps

Scenario: You have developed a provider-hosted app, installed the app (.app package) on a SharePoint site and deployed its app web to a remote machine. Now how do you debug it to figure out issues?

Solution: You need to have Visual Studio installed on the remote machine to debug.

Follow the steps below to debug provider-hosted apps:
1. Log on to the remote machine where you have installed the app web.
2. Open the app web in Visual Studio as administrator and set a breakpoint.
3. Log on to an AP or FE server and, using a browser, navigate to the site on which you have installed the app.
4. Back on the remote machine, in Visual Studio go to Debug-->Attach to Process and attach to w3wp.
5. On the AP or FE server, click on the app.
6. On the remote machine, you will see your breakpoint being hit.

Another way to debug is to use the IE developer toolbar (F12 developer tools): go to the "Script" tab and click on "Start debugging".

Monday, March 18, 2013

How to replace default SharePoint STS certificate

Scenario: How to replace default SharePoint STS certificate
Solution:
# Path to the replacement certificate (.pfx, including its private key)
$certPrkPath = "<path to replacement certificate (.pfx file)>"

# 20 = X509KeyStorageFlags Exportable (4) + PersistKeySet (16)
$stsCertificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPrkPath, "<replacement certificate password>", 20

# Make the loaded certificate the STS signing certificate
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCertificate -Confirm:$false

The above script replaces the default STS certificate on all AP and FE servers in the SharePoint farm and places it in the SharePoint trusted root authority of all AP and FE servers' MMC console.
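
A pre-flight check for the replacement certificate, which also catches the expired-certificate case from the March 21 post; this is an added example, not part of the original post. The function name `Test-StsCertificate`, its parameters and the 30-day warning window are assumptions, and the second call must run on a SharePoint server.

```powershell
# Added example. Test-StsCertificate and the 30-day warning window are assumptions.
function Test-StsCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [switch]$RequirePrivateKey,   # set this when checking a .pfx you are about to import
        [int]$WarnDays = 30,
        [datetime]$Now = (Get-Date)
    )
    $blocking = @()   # problems that make the certificate unusable for signing
    $notes    = @()   # things to act on, but not fatal today
    if ($RequirePrivateKey -and -not $Certificate.HasPrivateKey) {
        $blocking += 'No private key: the STS cannot sign tokens with this certificate.'
    }
    if ($Now -lt $Certificate.NotBefore) {
        $blocking += "Not valid before $($Certificate.NotBefore.ToString('u'))."
    }
    if ($Now -gt $Certificate.NotAfter) {
        $blocking += "Expired on $($Certificate.NotAfter.ToString('u'))."
    }
    elseif (($Certificate.NotAfter - $Now).TotalDays -lt $WarnDays) {
        $notes += "Expires in under $WarnDays days, on $($Certificate.NotAfter.ToString('u'))."
    }
    if ($Certificate.Subject -eq $Certificate.Issuer) {
        $notes += 'Self-signed: SharePoint has to trust this certificate itself as a root.'
    }
    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        NotAfter   = $Certificate.NotAfter
        Usable     = ($blocking.Count -eq 0)
        Blocking   = $blocking
        Notes      = $notes
    }
}

# 1. Inspect the replacement .pfx before importing it (same placeholders as the script above).
$candidate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    "<path to replacement certificate (.pfx file)>", "<replacement certificate password>"
Test-StsCertificate -Certificate $candidate -RequirePrivateKey | Format-List

# 2. Inspect the certificate the STS is signing with right now (run on a SharePoint server).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$current = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
Test-StsCertificate -Certificate $current | Format-List
```

Compare the `Thumbprint` reported for the current STS certificate with the one registered in the Azure/Office 365 tenancy; a mismatch means the uploaded certificate is not the one the farm is signing with.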

Thursday, March 14, 2013

SharePoint2013 Provider Hosted App and Chrome Control

Scenario: How to apply the SharePoint look and feel to a ProviderHosted app's remote web application

Solution: You have hosted a ProviderHosted app's remote web application on a remote machine. Now, to apply SharePoint branding to it:

1. Add the script tag below in the "<head>" section.
<script src="Scripts/sp.ui.controls.js" type="text/javascript"></script>

2. Open the landing page/start page of the remote app web application and add a "chrome" control to the *.aspx page as below, in the "<head>" or "<body>" section.

<div id="chrome_ctrl_container" data-ms-control="SP.UI.Controls.Navigation" data-ms-options='{"appTitle" : "BasicSelfHostedApp"}'></div>

Now the SharePoint style sheet will be available to your web application through the chrome control. Add the line below to the *.aspx page to see it in action.

<h2 class="ms-accentText">SharePoint Site:</h2>

Tuesday, March 12, 2013

SharePoint2013 providerhosted app with ACS error : The parameter 'token' cannot be a null or empty string

Scenario: Today, when I hosted the ProviderHosted app web application (the stand-alone ASP.NET web application which is part of the ProviderHosted app solution) on a remote machine and installed or added the app (.app) on a SharePoint farm, I was greeted with the following error.

Error message while navigating to a remote machine on which ProviderHosted app web application is hosted:-
The parameter 'token' cannot be a null or empty string.

Following is the welcome error message, when I click on the ProviderHosted app from SharePoint farm/site:-

Resolution: Although a similar error message is shown for several other reasons, looking at these things may help you fix the issue. Basically, you need internet access on the remote machine on which you are hosting the ProviderHosted app web application, so that it can talk to ACS and get the context token, access token and refresh token, and also talk back to the SharePoint farm to get host web properties of a SharePoint site such as site title, site lists, logged-in user, etc.

Depending on how your environment and DNS settings are configured, you might have to add the following section (in case you do not have internet connectivity on the remote machine) to the web.config of the remote ProviderHosted app web application (the stand-alone ASP.NET web application which is part of the ProviderHosted app solution) hosted on the remote machine.

<system.net>
  <defaultProxy>
    <!-- Send outbound requests through the internet access proxy -->
    <proxy usesystemdefault="True"
           proxyaddress="http://internetaccessProxySite.com"/>
    <!-- Reach the SharePoint site directly, bypassing the proxy -->
    <bypasslist>
      <add address="https://mysharepointsite.com"></add>
    </bypasslist>
  </defaultProxy>
</system.net>

Remove or comment out the complete <system.serviceModel> section in the web.config of the remote ProviderHosted app web application.

Make sure that the currently logged-in user has the required permissions on the SharePoint site. Otherwise it may throw an access denied error when your remote app web tries to read SharePoint data.

SharePoint2013 farm is broken (page cannot be displayed error message) after ACS configuration

Scenario: The SharePoint 2013 farm is broken after ACS configuration. Part of the ACS configuration involves replacing the OOB STS certificate with a custom or self-signed cert. But after replacing the default STS cert with a self-signed cert, you may notice that navigating to any of the sites displays a page not found error.

At this point you may see the following error message in the event viewer:

An operation failed because the following certificate has validation errors:
Subject Name: CN= providerhosted.app.com
Issuer Name: CN=providerhosted.app.com
Thumbprint: AH65B00PL
Errors:
The root of the certificate chain is not a trusted root authority..

Resolution: Install the cert to "SharePoint trusted root authority", from CA-->Security-->Manage trust.
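
The check behind this resolution, as an added example that is not part of the original post: it finds the top of the STS signing certificate's chain and looks for it among SharePoint's trusted root authorities. `New-SPTrustedRootAuthority` is the PowerShell counterpart of the Manage trust page; the trust name used here is an assumption.

```powershell
# Added example; run in an elevated shell on a SharePoint server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$sts = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate

# Build the chain without revocation checks; only its topmost element is needed.
# For a self-signed certificate the chain has one element: the certificate itself.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.Build($sts)
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

if ($top.Subject -ne $top.Issuer) {
    # The chain stops below a root: the issuing CA certificates are not available
    # on this server, so there is nothing trustworthy to register yet.
    Write-Warning "Chain for $($sts.Subject) stops at $($top.Subject); obtain the issuing CA certificates first."
}
else {
    $match = Get-SPTrustedRootAuthority |
        Where-Object { $_.Certificate.Thumbprint -eq $top.Thumbprint }

    if ($match) {
        "Root $($top.Thumbprint) is already trusted by SharePoint as '$($match.Name)'."
    }
    else {
        "Root $($top.Thumbprint) ($($top.Subject)) is NOT in SharePoint's trusted root authorities."
        # Assumed name for the trust entry; -Confirm prompts before the farm is changed.
        New-SPTrustedRootAuthority -Name 'STS signing root (example)' -Certificate $top -Confirm
    }
}
```

Verify the printed thumbprint against the certificate you issued before confirming, since every certificate chaining to a trusted root authority is accepted by the farm.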

Friday, March 8, 2013

SharePoint2013 installing an app to multiple site collections

Scenario: How to install an app to multiple site collections

Resolution:
1) Navigate to your "appcatalog" site
2) On Quick Launch click on "Site Contents"
3) Click on "add an app"
4) Select an app and add it, wait until it installs.
5) Now from Site Contents page hover over the app. You should see below screen.


6) Click on "Deployment" as in above screen shot. The "Manage App Deployments" page opens up as in below screen shot.

7) Enter "SiteCollection" URL and click on Add. You can add multiple Site Collections URLs.
8) Finally, click OK. Your app will now be installed to the multiple site collections you specified.

Thursday, March 7, 2013

SharePoint2013 Site prompts for credentials

Scenario: When navigating to a site, SharePoint repeatedly prompts for credentials

Resolution:
1) In the Internet Explorer "Internet Options" menu, on the "Security" tab, add your SharePoint site URL to the list of Intranet sites.

2) Navigate to Internet Options-->Security and click on "Custom Level". Under "User Authentication", change "Automatic logon only in Intranet Zone" to "Automatic logon with current username and password".

3) Re-start IE and browse to the site.