Monday, October 29, 2012

Introduction to SharePoint 2013 App Model - A Primer

SharePoint 2013 introduces the new App Model that adds another dimension to the kinds of solutions you can build on the SharePoint technology platform in addition to Full Trust Solutions and Sandboxed solutions.

Lets take a deep dive on the App Model and understand the fundamental building blocks. 

I. SharePoint 2013 App Model Highlights:
  1. SharePoint applications no longer live in SharePoint
  2. Custom code executes in the client, cloud or on-prem
  3. Apps are granted permissions to SharePoint via OAuth
  4. Apps communicate with SharePoint via REST / CSOM
  5. Acquire apps via centralized Marketplace, Corporate Marketplace, Public Marketplace (via submission process)
  6. APIs for manual deployment
  7. Everything in a SharePoint site is an app: Contact form, Travel request, Shared Documents library, Contacts list
  8. Apps for SharePoint mimics Facebook Apps to an extent.
II. SharePoint 2013 App Model Benefits:
  1. No custom code on the SharePoint server
  2. Easier to upgrade to future versions of SharePoint
  3. Works in hosted environments w/o limitations
  4. Reduces the ramp-up time for those building apps
  5. Don’t need to know/be as familiar with SharePoint “-isms”
  6. Leverage hosting platform features in new apps
  7. Enables taking SharePoint apps to different levels – further than what can be done with farm / sandbox solutions
  8. Isolation – private vs. public clouds
III. SharePoint 2013 Application Architecture: The diagram below talks about the SP 2013 Application Architecture and its components.

REST / CSOM - are the programmatic approaches available to access SP 2013 data from Apps.
Remote Event Receivers - To handle events in an app for SharePoint remotely, you create remote event receivers and app event receivers.
BCS - Apps can perform CRUD operations on external data store using ODATA by leveraging External Content Types and External Lists.

IV. SharePoint 2013 App URL:
V. SharePoint 2013 Application Comparison Chart: Lets see what programming options we have while creating Apps for SharePoint.
VI. Different kinds of Apps for SharePoint 2013:  Here are 3 different kinds architecture approaches available for creating SharePoint 2013 Apps.
 
 1. SharePoint-Hosted App:
  •     SharePoint hosted apps wholly reside in SharePoint
  •     Uses SharePoint artifacts (lists/libraries)
  •     Business logic executes or on the client
  •     HTML5
  •     JavaScript using CSOM or REST API's
 2. Cloud based Apps:
  •     Cloud hosted apps primarily execute outside of SharePoint
  •     May use SharePoint artifacts (lists/libraries)
  •     Communicate via CSOM / REST
  •     Granted permission to SharePoint via OAuth
  •     Business logic lives & executes outside of SharePoint
  •     On-Premise hosted web application
  •     Windows Azure
  •     3rd party host
  •     Managed CSOM (Client Side Object Model) can be adopted as a programming model for both     these kinds of Apps.   
  •     Within cloud based apps, we have a further bifurcation between:  
  •     Provider-Hosted Apps- Apps developed/maintained on Premises or a Private Cloud.  
  •     Auto-Hosted Apps - Apps provisioned using Windows Azure Auto-Hosting. SharePoint deploys ASP.NET application & SQL Azure DB to Azure automatically when SharePoint app is installed.
VII. SharePoint 2013 Application UX (User Experience):

VIII. SharePoint 2013 Application Scopes:
i. Web scope - By default all SharePoint 2013 SharePoint apps are scoped to Web.
ii. Tenant scope - Cloud based apps can have their Apps as tenant scoped. For e.g.: Apps hosted on Office 365 can have a Tenant scope for privacy and security. Not Applicable to SharePoint Hosted Apps.

IX. SharePoint 2013 App Hosting Options: Cloud v/s SharePoint
 
 X. SharePoint 2013 Application Isolation:
  • When apps are provisioned, new SPWeb (AppWeb) created within hosting SPWeb
  • Each app resides within it’s own SPWeb for isolation
  • Special DNS address configured by administrators
  • App SPWeb’s live in separate domain (DNS)
  • Each App hosted on it’s own unique URL because:
  • Blocks XSS: isolation to special SPWeb under special domain blocks cross site scripting
  • Enforces App Permissions: apps communicate with sites via CSOM /API & must be granted to do so
XI. Obtaining SharePoint 2013 Applications:
 Applications can be acquired multiple ways:
  • Public Marketplace
  • Similar Windows Phone Marketplace
Subject to submission process & approval
  • App Catalog
  • Apps developed internally
Apps acquired and approved for internal use
  • Custom Deployment Process
  • Developers can use remote / local SharePoint & Windows Azure APIs to deploy apps with custom code. These APIs are restricted to the developer site for tooling scenarios