SharePoint Apps authorizations

For the last few days I was experimenting with the SharePoint App model. Provider-hosted apps are one type of app provided by SharePoint. In this category, the app has a separate web component running outside the SharePoint box on which the app is installed. When that externally hosted component needs access to the lists and libraries of the SharePoint farm where the app is installed, access from the hosted web component has to be authorized.

According to MSDN, there are three different authorization mechanisms defined for SharePoint apps that can be used in this scenario.

Low Trust

  • Provider-hosted apps for SharePoint use Azure ACS (Access Control System) to get a token that they can use to access SharePoint resources (lists, libraries and other resources) on the SharePoint farm where the app is installed.
  • This uses the OAuth 2.0 framework, and Azure ACS is the token issuer. An app that uses this mechanism can be sold in the SharePoint App Store.
  • The low-trust system is intended mostly for apps that have components hosted in the cloud.

(Note: To install an app that uses this authorization mechanism, the installing user needs an Office 365 account, which he needs to provide at installation time. These apps can also be installed on on-premises SharePoint by doing some simple configuration tasks on the farm.)

MSDN Low Trust Tutorial - Creating apps for SharePoint that use low-trust authorization 

High Trust

  • In this mechanism, a provider-hosted app can initiate trust with SharePoint using a digital certificate.
  • This is used for applications whose remote components are hosted on premises.
  • These apps can only be installed on SharePoint farms that are not connected to the internet.
  • They can't be deployed to SharePoint Online or sold through the SharePoint Office App store.

MSDN High Trust Tutorial - Creating apps for SharePoint that use high-trust authorization

Cross-Domain Library

  • This mechanism is used in systems whose logic is in JavaScript.
  • It is also used for apps that have cloud-hosted components but run into communication issues due to firewalls, where the low-trust system will not work. The library includes a secure system for working around cross-domain script issues.
  • Apps using this library can be sold on the Office Store.
  • Apps can be deployed on both SharePoint Online and on-premises SharePoint.

MSDN Cross-Domain Tutorial - Creating apps for SharePoint that use the cross-domain library

In my next post I'm hoping to go deep into each of the authorization mechanisms.
