Wednesday, January 30, 2013

SharePoint 2013 Provider Hosted App referencing\loading ASP.Net web application deployed to another server\machine not part of 2013 farm using server to server (S2S) trust

Scenario: In this post I will be explaining the process of loading ASP.Net webapplication deployed to remote server (remote server is not part of the SharePoint farm), in to SharePoint provider hosted app using server to server trust (S2S). The provider hosted app is deployed to SharePoint 2013 farm.
The remote web application will have all the UI and business logic.
1. You need to have SharePoint 2013 farm up and running.
2. Ensure that App Management service and User profile service applications are started.
3. Visual studio 2012 installed on remote server and Sharepoint dev environment.
4. Install visual studio app templates on your Sharepoint2013 dev environment. You can download the app dev templates from here under “Tools”:
5. Create a SSL enabled web application in SharePoint 2013 farm, this is the site you will deploy your provider hosted app to.
Log-on to SharePoint 2013 machine and do the following:-
1. Create a self-signed certificate in IIS as shown in below screen shot name it; say ‘test’ and click on “Ok”.
2. Right click on newly created certificate ‘test’ in IIS and select “Export” the “Export Certificate” wizard will open as shown in below screen shot.
     Here provide path to save on disk, type the password and click ok. The certificate will be stored with .pfx extension in the said location.
3.  Within IIS double click on “test” certificate, the “Certificate” wizard will open as shown in below screen shot.
Go to “Details” tab and click on “Copy to File”. Click on “Next” thrice with default values selected. As shown in below screen shot.
Here browse to the location where you want to save this certificate and give it a name test.cer and click “save”. Click “Next” and click “finish”.
4. Now copy the “test.cer” created in step 3, to remote VM\machine where you want to host the Remote webapplication containing the UI and business logic for the SharePoint app.
5. On your SharePoint dev environment open visual studio 2012 as administrator, click fileànew Project and under “Other Project types” select “Visual Studio Solutions” and give project a name say “test” and click “Ok”. Now right click on Solution explorer test, go to Addànew project, under “Office/SharePoint” click “Apps” and select “App for Sharepoint 2013” template give it a name say “test1” and click “Ok”. The “New App for SharePoint” wizard will open as shown in below screen shot.
Fill the other details as shown in the above screen shot and click “Next”. The “Configure authentication settings” wizard will open as shown in below screen shot
Here select “Use a certificate” option and in “Certificate location” select the path were you have stored the “test.pfx” file in step 2. Type a password you have given previously. For the “Issuer ID” generate a guid from visual studio, convert it in to lower case and paste it. Make a note of the “Issuer ID” guid, you need it later. Click “Finish”
        Note: the “Issuer ID” guid must all be in lower case, if not make it lower case.
6. Now go to “AppManifest.xml” and update “ClientId” value “*” with “Issuer ID” guid         from  step 5.
7. Update the “StartPage” value in the “AppManifest.xml” with landing page of the    WebApplication hosted on remote web server. It should look similar to below
Where “” is the IP address of the remote webserver/machine where the remote web application is installed. 
8.Open SharePoint 2013 Management Shell and execute below CMDLETs
$publicCertPath = "<cert path>"
$appId = "<Issuer ID/Client ID>"
$spurl =""
$spweb = Get-SPWeb $spurl
$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
$certificate = Get-PfxCertificate $publicCertPath
$fullAppIdentifier = $appId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name "Test1" -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName "Test1"
Set-SPAppPrincipalPermission -Site $spweb -AppPrincipal $appPrincipal -Scope Site -Right FullControl
Where "<cert path>" is the path where you have stored the certificates in step 2. "<Issuer ID/Client ID>" is the lower case GUID created in step 5. “$spurl” is the site you want to install/debug your app to. Press “enter” in O15 Management shell.
9. Go to IIS Manager, expand sites. Right click on the SSL enabled web application you created as part of pre-requisite and click on “Edit Bindings”. Here create a new “https” binding, select port 443 and select “test” for SSL certificate as shown in below screen shot and click “Ok”.

10. Now in Visual studio 2012 press Ctrl+F5 to deploy the app to SharePoint site. On successful deployment, when you click on the app the “remote web application” landing page will be loaded.
Deploying or Installing Webapplication on remote web server.
The webapplication on remote webserver can be developed using any technology, but here I am using .net and IIS web server.
1.Log on to the remote web server
2.Open visual studio 2010 as administrator and create new project with “ASP.Net Web Forms Application” name it say “test”.
3. In solution explorer go to “default.aspx” page find <asp:Content> tag with ID=”BodyContent” clear all the code in between this <asp:content> and place a button with “onClick” event. Go to buttons code view and in it’s click event, type some text like “Hello from remote web app”.
4.Build the solution.
5.After successful build, in solution explorer select “test” project, right click and select “Publish” and publish it to IIS. The details steps on how to publish the web application to IIS using visual studio can be found here:-
Alternatively, you can use web platform installer4.0 and web deploy component to publish web application to IIS.
6.Open IIS Manager, on remote web server; go to the site on to which you published the web application in step 5. Click on “Bindings” under “Actions” and add “https” binding with port 443 and select “test.cer” certificate (the test.cer certificate must be copied from SharePoint 2013 farm and must be imported to IIS to be used on remote web server).
The above demonstration is from developer’s point of view, which can be easily extended to production environments.