www.it-ebooks.info For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to access them. www.it-ebooks.info Contents at a Glance About the Author ����������������������������������������������������������������������������������������������������������������xv About the Technical Reviewer ������������������������������������������������������������������������������������������xvii Acknowledgments �������������������������������������������������������������������������������������������������������������xix Introduction �����������������������������������������������������������������������������������������������������������������������xxi ■ Chapter 1: Introduction to SharePoint Apps ����������������������������������������������������������������������1 ■ Chapter 2: Creating and Debugging Apps ������������������������������������������������������������������������31 ■ Chapter 3: Managing the App Life Cycle��������������������������������������������������������������������������49 ■ Chapter 4: Client-Side Logic with JavaScript ������������������������������������������������������������������69 ■ Chapter 5: Accessing the SharePoint Environment �������������������������������������������������������113 ■ Chapter 6: SharePoint App Security ������������������������������������������������������������������������������145 ■ Chapter 7: Web Services with REST and OData �������������������������������������������������������������185 ■ Chapter 8: Business Connectivity Services �������������������������������������������������������������������225 ■ Chapter 9: App Logic Components ��������������������������������������������������������������������������������245 ■ Chapter 10: Developing the User Experience ����������������������������������������������������������������283 ■ Chapter 11: Accessing SharePoint Search ��������������������������������������������������������������������313 ■ Chapter 12: Using SharePoint’s Social Features ������������������������������������������������������������331 ■ Chapter 13: Enhancing Apps with SharePoint Services ������������������������������������������������351 ■ Chapter 14: Using Other App Environments ������������������������������������������������������������������371 Index ���������������������������������������������������������������������������������������������������������������������������������399 v www.it-ebooks.info Introduction SharePoint 2013 Server and SharePoint Online provide an entirely new model for developing enterprise solutions called the Cloud App Model. This style of application is architected to run in a hosted environment without unduly impacting the host servers. This provides for levels of scalability and reliability that were difficult, or impossible, to achieve using SharePoint’s previous models that included full-trust and sandboxed solutions. Pro SharePoint 2013 App Development contains the techniques for delivering advanced solutions on the SharePoint 2013 platform. Using step-by-step tutorials, the reader creates and elaborates on a sample SharePoint app throughout the course of the book. Once complete, the developer will be ready to tackle even the most demanding SharePoint apps with confidence. In this book, we will cover the following points: • We will introduce the Cloud App Model architecture for creating and hosting SharePoint apps. • We will walk through the creation and deployment of a complete solution. • We will examine the security features of the SharePoint app model. • We will learn to leverage SharePoint data in our apps over the network, securely. • We will learn to utilize search and other SharePoint services to create rich SharePoint solutions. • We will explore how to use these techniques to deliver data on a multitude of web and mobile platforms. This book is intended for developers and IT professionals responsible for delivering solutions on the SharePoint 2013 platform. These solutions may run on-site, in the cloud, or in a hybrid deployment across many locations. We will provide the background and step-by-step introduction needed to create massively scalable SharePoint applications using standard tools such as Visual Studio, and web standards such as HTML and JQuery. Once created, SharePoint apps can be deployed internally or sold through the Microsoft SharePoint Store across the Internet. The objective is to empower organizations to create a new generation of web-based applications on the SharePoint platform. SharePoint enables both on-site and cloud-based deployments of mission-critical business applications, using all of the same tools and technologies, regardless of the environment. Using modern web standards for user interfaces, data access, and most important, security, SharePoint apps can safely break down the wall between internal data and external customers. The book is designed to introduce each technique in the order necessary for each solution to build on the ones that have come before. In some cases, it may be necessary to use a technique before we have discussed it fully. In these cases, we will try to convey the necessary information and refer the reader to the later section. Chapter 1: Introduction to SharePoint Apps This chapter will introduce the new SharePoint app model. We will describe why the app model exists, how it differs from the previous development models for SharePoint, and where SharePoint apps fit into the Microsoft ecosystem, including Azure, Windows 8, and Windows Phone. This is the 30,000-foot view. xxi www.it-ebooks.info ■ IntroduCtIon Chapter 2: Creating and Debugging Apps This chapter will introduce the tools used to create SharePoint apps. We will create a basic app that will begin the book-wide sample project. This sample will be elaborated on in later chapters to demonstrate the techniques presented in each chapter. Chapter 3: Managing the App Life Cycle This chapter will introduce the concept of an application life cycle. This includes all of the steps used to create and maintain an app. We will look at each stage in the order they will be encountered by the typical app. Chapter 4: Client-Side Logic with JavaScript This chapter will provide the reader with an introduction to client-side programming using JavaScript and modern programming patterns. We will introduce JavaScript, JQuery, and Knockout for those readers that are not familiar with them. We will also introduce the Model-View-ViewModel (MVVM) design pattern that will be used throughout the book. Chapter 5: Accessing the SharePoint Environment This chapter will cover the means of accessing data that is stored in SharePoint using the SharePoint 2013 client-side object model (CSOM) libraries. This will include lists, libraries, and other SharePoint-specific content. Chapter 6: SharePoint App Security This chapter will cover the extensive security mechanisms that are inherent in deploying a mission-critical application to SharePoint. This will include SharePoint apps’ means of performing both authentication and authorization. We will also cover the security infrastructure used in Microsoft Azure. Chapter 7: Web Services with REST and OData This chapter will cover accessing data from network sources via generic data transfer methods. Unlike accessing SharePoint with the CSOM, this style of data access uses the methods and data elements exposed through standard interfaces such as REST and OData. Chapter 8: Business Connectivity Services In this chapter, we will examine the use of BCS within an app. These techniques allow an organization to leverage internal data assets in the cloud, while retaining security and control of that data. We will discuss the best ways to query and update BCS-based data. xxii www.it-ebooks.info ■ IntroduCtIon Chapter 9: App Logic Components Much of the development effort for an app involves accessing data and rendering a user experience. This chapter will focus on the techniques for adding sophisticated logic within a SharePoint app. These techniques will allow us to respond to SharePoint events and manage workflows. Chapter 10: Developing the User Experience This chapter will deal with the details of creating a modern user experience in a SharePoint app. We will cover the different types of UIs that a SharePoint App can expose and the best tools to use for creating them. We will also learn to make our apps conform to the style of the site in which they reside. Chapter 11: Accessing SharePoint Search The user interface in SharePoint 2013 sites can be driven more by search results than by content stored locally within the SharePoint site. Microsoft calls this a “search-driven” site. In this chapter, we will discuss the techniques needed to access and display search results with a SharePoint App. Chapter 12: Using SharePoint’s Social Features This chapter will describe the social features of the SharePoint 2013 platform as they relate to creating apps. We will cover the MySite and SkyDrive Pro features, as well as newsfeeds, posts, and activities. Chapter 13: Enhancing Apps with SharePoint Services The SharePoint 2013 platform contains many integrated services that apps can leverage. These services provide basic infrastructure such as logging and error reporting. They also provide specialized data for metadata, search, and navigation. In this chapter, we will look at how to use some of these services to make our apps more robust and functional. Chapter 14: Using Other App Environments This chapter will explore the Cloud App Model as it applies to platforms other than SharePoint and how apps can be used to integrate information across the enterprise. SharePoint apps are only one type of “app” in the Microsoft ecosystem. This chapter will delve into creating apps that cross between SharePoint, Windows 8 and RT, Microsoft Office, and Windows Phone. Summary In creating the Cloud App Model, Microsoft has attempted to create an architecture that places cloud development at the center. The focus was on creating rich Internet apps that are scalable, maintainable, and robust in a variety of hosting environments. As a result, SharePoint apps can seem overly complex at times. As you will see in the coming chapters, there are reasons for these design decisions. You are encouraged to absorb all of the concepts that you need to design the next great app. Try not to get buried in the details the first time around. xxiii www.it-ebooks.info Chapter 1 Introduction to SharePoint Apps This chapter will introduce the new SharePoint 2013 application model. We will describe why the app model exists, how it differs from the previous development models for SharePoint, and where SharePoint apps fit into the Microsoft ecosystem, including Azure, Windows 8, and Windows Phone. In this chapter, we will go over the following points: • Why there is a new application model for SharePoint 2013. • How full-trust and sandbox solutions fit into the new paradigm. • How SharePoint apps relate to Microsoft’s online offerings, including Office 365, Azure, and SQL Azure. • When and why to use SharePoint solutions in on-premise, cloud, and hybrid deployments. • The sample application that will be developed throughout this book. Introduction to the Cloud App Model In SharePoint 2013, Microsoft has introduced a new way to build solutions for SharePoint. This new method is called the Cloud App Model. This model is similar to the development model introduced for Windows 8, the Windows Runtime (WinRT), Office 2013, and Windows Phone 8. A SharePoint app is a single package of functionality that can be deployed and activated on a site with very little overhead or footprint on the SharePoint server farm. An app package contains all of the SharePoint artifacts (lists, libraries, etc.) needed by the application along with any pages, scripts, styles, or other web files needed to complete the application. Apps are designed to be easy to provision on a site and to be removed cleanly when no longer needed. The Cloud App Model for SharePoint was designed with (surprise!) the cloud in mind. When an app is deployed to a site, the configuration of the files and settings in SharePoint are handled automatically. The server farm is protected from defective installation packages and file updates because apps cannot be installed like traditional SharePoint solution packages. App package files are managed entirely by SharePoint itself. When running in the cloud, it is imperative that no one application can produce an unmanageable load on the farm or corrupt memory and require restarting of processes in the farm. SharePoint apps are prevented from causing problems on the farm by eliminating use of the SharePoint Server-Side Object Model (SSOM) in app code. In fact, all server-side code execution is off limits to SharePoint apps. To a developer familiar with developing applications for previous versions of SharePoint, this would seem to make apps totally useless in a SharePoint context. As we will see later, the combination of client-side technologies, like HTML and JavaScript, and sophisticated web service call mechanisms, like REST and OData, make building scalable, reliable apps for SharePoint quite possible. The rest of this chapter will introduce the concepts associated with the Cloud App Model as it applies to SharePoint. We will discuss the components that make up a SharePoint app and how they are managed. The remaining chapters of this book will discuss each of these in detail to enable you to create rich user applications in SharePoint 2013. 1 www.it-ebooks.info Chapter 1 ■ IntroduCtIon to SharepoInt appS Developing Solutions in Previous Versions of SharePoint Let’s take a moment to revisit SharePoint 2010. Specifically, we will take a look at how custom applications were developed and deployed prior to SharePoint 2013. When designing a custom application for SharePoint pre-2013, we first had to decide what type of application it would be: full-trust or sandboxed. We then had to consider things like what features that would go into the application. The developer would create the files that make up the application and create feature manifests to manage their installation. Finally, we would create a solution package file (.WSP) that could be deployed to SharePoint. Project templates for Visual Studio made this process easier in later versions, but there were still times when the developer had to work with raw XML or CAML files in order to accomplish even routine tasks. For full-trust solutions, a farm administrator would need to deploy the solution package to each SharePoint server in the farm. This would have the effect of copying files into various folders throughout the server farm. Most of these files ended up in the “14 hive.” The hive is a folder on the server’s hard drive that contains many of SharePoint’s own files, which might be overwritten or altered by some package installations. Finally, the farm administrator would need to activate the features of the solution in order to begin using them within the farm. Creating full-trust applications in SharePoint can have several unwanted side effects on the server farm’s stability and performance. • All code in a full-trust application runs within SharePoint’s own server processes. Any corruption caused by the application has the potential to crash the server or farm. • Any slow or inefficient code in an application can consume CPU cycles, memory, or disk space on the farm’s servers and hurt performance. • If the application does not take appropriate security precautions, it can compromise information stored in the farm because a full-trust application can always elevate its privileges to perform virtually any action. When deploying a solution file containing a full-trust application to a farm, extensive testing is required to ensure that the application will not cause damage to the farm. As a result, many organizations have adopted policies that drastically limit or completely rule out the use of full-trust applications. In a hosted or cloud environment, the server farm may support multiple end-user organizations or tenants. In these scenarios, including using SharePoint Online, full-trust applications are simply not an option. No outside code can be allowed to run in full-trust without risking harm to other customers in the farm. In SharePoint 2013, full-trust applications are still supported and are appropriate for certain types of applications. Any custom functionality that deals with managing the farm or accessing specialized hardware may require elevated privileges and should still be created as a full-trust application. These solution packages will continue to be supported as they have been, but they are only for use in locally hosted, on-premise farm deployments. They are not appropriate for any functionality being deployed to a hosted or cloud environment. The other option, prior to the release of SharePoint 2013, was to create a sandboxed solution. These solutions are developed using the same techniques and file formats as full-trust solutions, but with certain limitations. • Sandboxed applications do not run with full-trust and cannot elevate their privileges to acquire it. • Sandboxed applications run in a separate isolated process to prevent them from corrupting the server farm’s own processes. • Applications that run in the sandbox are only allowed to access a subset of the SharePoint Server-Side Object Model (SSOM) through a proxy object that forwards the requests to the main SharePoint processes. • Sandboxed applications are deployed and managed at the site collection level and can only access resources within the local site collection. They cannot access other resources within the farm or elsewhere on the network, even when using the Client-Side Object Model (CSOM). 2 www.it-ebooks.info Chapter 1 ■ IntroduCtIon to SharepoInt appS The sandbox was introduced in SharePoint 2010 in an attempt to isolate custom applications from SharePoint and limit their potential for harming the overall farm. While this was accomplished, the restrictions placed on sandboxed applications have limited their usefulness. The sandbox model has also been found insufficient for hosting and cloud deployments. • The code in a sandboxed application still runs on the servers in the SharePoint farm. Poorly written or managed applications can still cause performance problems or limit scalability. • Sandboxed applications that corrupt their own memory or use too many resources may be automatically restarted periodically, further draining server resources. • The limitations on what data can be accessed from a sandboxed application limits their usefulness in enterprise-style applications that require broader access to SharePoint and network resources. • Limiting access to the Server-Side Object Model, and the limited implementation of the Client-Side Object Model in SharePoint 2010, made creating rich applications in the sandbox very difficult or impossible. • Because sandboxed solutions are deployed at the site collection level, they are managed by site collection administrators. These users have to install, activate, configure, and remove these packages within each site collection they own. In many organizations, site collection administration is delegated to non-technical power users who typically find managing solution packages very confusing. The sandbox was created to solve the application management problems created by full-trust applications, but it has created new problems and imposes severe limitations on the types of applications that can be developed. As a result, sandboxed solutions have been deprecated in SharePoint 2013. In this case, deprecated is Microsoft’s way of saying “Oops, that didn’t work!” In practical terms, deprecated means that while the sandbox still exists in SharePoint 2013 for backward compatibility, it may not be a part of future releases. No new development should be done in sandboxed solution packages. With full-trust applications limited to living behind the organization’s firewall and sandboxed solutions on the way out, how do we make the leap into the cloud? The answer, of course, is to create SharePoint apps using the Cloud App Model. Developing Apps for SharePoint 2013 Using apps for SharePoint is very similar to using apps on mobile devices such as Android- or iOS-based phones. When a cell phone’s user wants to extend the functionality of their device, they go an app store of some sort. This could be the Google Play Store for Android or the Apple Store for iOS. They find the app they want to install and select it. The app is paid for, in some cases, and then automatically downloaded and installed on their device. Once the user is finished using the app, they can uninstall it from their device as if it had never been there. The key to this usability is the fact that no one but the end user ever needs to be involved. In the case of SharePoint apps, an app is installed into a SharePoint site. As with mobile apps, a SharePoint app can be acquired from the SharePoint Store (http://office.microsoft.com/en-us/store/apps-for-sharepoint- FX102804987.aspx) managed by Microsoft, as shown in Figure 1-1. An app adds functionality to the site while it is installed. The app may add SharePoint artifacts, such as lists and web parts, to the site. It can also add menu options, pages, and other behaviors to the site. 3 www.it-ebooks.info Chapter 1 ■ IntroduCtIon to SharepoInt appS Figure 1-1. The SharePoint Store The most important difference between a SharePoint app and a full-trust or sandboxed solution is in what is not installed in SharePoint. A SharePoint app cannot contain any server-side code at all. The data access, business logic, and user interface logic of the app is executed entirely outside of the SharePoint server farm. SharePoint may host the HTML, CSS, and JavaScript files for the app, but the logic executes either within the client browser, or other user agent, or on a remote web server outside of the farm. The end user is completely unaware of this, of course, but it makes all the difference in the world to maintaining the scalability and stability of the farm. In the Cloud App Model, SharePoint is essentially acting as a portal for storing data and exposing applications, rather than directly hosting their logic. When creating a SharePoint app, the most important decisions to be made involve distributing the components of the application in the most effective manner available. In the next section, we will examine the concepts surrounding SharePoint app development and how these decisions are made. Designing Cloud App Solutions A typical application built using the Cloud App Model is composed of various components that communicate over a network. This is contrary to traditional development models that assume that most of the code will run on one platform (a server) or two platforms (a client and a server). In a cloud app, the assumption is that there is a client-side user agent, either a web browser or mobile device, and one or more servers. In the context of a SharePoint app, one of the servers will always be a SharePoint server. This server will manage the user’s access to the app and host any SharePoint data that is included in the solution. It will not execute server- side code. To perform custom logic, it will either hand off requests to other non-SharePoint web servers or it will serve client-side code files to be executed by the client browser. When constructing a SharePoint app, there are two basic patterns. One pattern emphasizes the use of client-side code and the other uses server-side code executing outside of SharePoint. 4 www.it-ebooks.info
Description: