Scenario: How to create Windows app style tiles dynamically using jQuery and CSS
Solution: HTML and JS markup
The HTML markup above can be pasted into a custom layouts page. Add a reference to a custom JS file and paste the above jQuery script into it. You can also reference a custom CSS file and paste the markup below into it.
CSS markup
Screen Shot of the Tile
Friday, December 13, 2013
Saturday, July 13, 2013
Configuring ACS as trust broker in SharePoint 2013 farm
Scenario: How to configure ACS as trust broker in SharePoint 2013 farm, to run Provider hosted apps with Azure Access Control (ACS) trust
Solution:
You can get the detailed manual steps to configure ACS from the link below. This will give you an overall idea.
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=3&ved=0CDwQFjAC&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F6%2F4%2F4%2F644BA525-96CB-4739-B08F-18949A9BDADC%2Fsps-2013-config-one-way-hybrid-environment.pdf&ei=Y3HgUfPyMIr1iQL6u4GACA&usg=AFQjCNGkhEKjXXtQNbR5f-nNj3FrylV5ww&sig2=c1oCRjsJMPaCtYpi6Gv2qw
Or, if you have a problem opening the above link, you can search Google for the title below:-
Configure a one-way hybrid environment with SharePoint Server 2013 and Office 365
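The PowerShell script below automates the ACS configuration explained in the above link:-
In the above PowerShell script, modify the below script variables as per your environment:-
# Certificate with private key (.pfx) and its public part (.cer)
$CertificatePathPfx = "C:\Certificates\mycert.com.pfx"
$CertificatePathCer = "C:\Certificates\mycert.com.cer"
# Password of the .pfx file (placeholder value)
$CertificatePassword = "Password"
# Host name (here a wildcard) registered as the SPN of the farm's web applications
$FarmFQDN = "*.con.com"
$SharePointTenantUri = "https://con.sharepoint.com/"
$SharePointAzureTenantName = "con.microsoft.com"
# Application principal ID of SharePoint
$SPAppPrincipalId = "00000003-0000-0ff1-ce00-000000000000"
Note: After ACS configuration, a WAC server attached to your SharePoint 2013 farm may be disconnected, so Office documents may not be saved to the farm. If you see this behavior, disconnect the WAC server from the 2013 farm and re-join the server.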
Friday, June 21, 2013
SharePoint2010: Creating Custom page in Central Administration
Scenario: Creating a custom Central administration page in 2010
Solution: Sample Admin UI Page
Sample Custom admin code behind
Adding Link to Custom Administration page:-
Friday, May 17, 2013
SharePoint how to place a check box and Dropdownlist in a webpart Tool pane\part
Scenario: How to place custom checkbox and dropdownlist in WebPart toolpane
Solution: Declare a new property of an enum type; this renders a DropdownList.
For a check box, declare a property of type Boolean. Properties of type String, DateTime and Integer render a textbox.
Useful web part attributes when defining custom properties are:-
1. [WebBrowsable(true)]
2. [Personalizable(PersonalizationScope.Shared)]
3. [WebDescription("")]
4. [WebDisplayName("")]
5. [Category("")]
Tuesday, April 23, 2013
SharePoint 2013 Elevating app permissions beyond the user permissions
Scenario: How to elevate app permissions. Say, for example, you want your app to add an item to a list, but the user using the app doesn't have write permissions on the list. How can the app still add a list item when it is run by a user with read-only permissions on the list?
Solution: To achieve this, do not use user permissions at all. Use app-only permissions to elevate the permissions of the app above those of the current user running the app.
We can achieve this by adding the "AllowAppOnlyPolicy" attribute to "AppPermissionRequests". Using this approach we can create an app that does some job repetitively, similar to timer jobs.
For more detailed information on this topic refer:-
http://blogs.msdn.com/b/kaevans/archive/2013/02/23/sharepoint-2013-app-only-policy-made-easy.aspx
SharePoint2013 Note on AppPrincipal
AppPrincipal indicates what kind of authentication an app requires and what type of app it is.
The various types of AppPrincipal are:-
1. Internal: This is the default for SharePoint-hosted apps. Indicates that no external authentication is required.
Sometimes a cloud-hosted app can use "Internal" auth when calling back using the cross-domain library. To achieve this, configure AppPrincipal with the "Internal" element and its "AllowedRemoteHostUrl" attribute.
2. RemoteWebApplication: This is the default for provider-hosted apps. Indicates that the app requires external authentication such as OAuth.
3. AutoDeployedWebApplication: Indicates that the app is autohosted and requires external authentication.
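The check below is an added example (not code from the original posts) that ties together the AppPrincipal types above and the "AllowAppOnlyPolicy" attribute from the app-only permissions post: it reads an AppManifest.xml and reports the principal type and whether the app asks for app-only rights above Read. The manifest content, the function name Get-AppManifestAuthSummary and the "needs review" rule are assumptions made for illustration.

```powershell
# Added example, not from the original posts. The manifest is constructed sample data.
$SampleManifest = @'
<?xml version="1.0" encoding="utf-8"?>
<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SampleListWriter"
     ProductID="{11111111-2222-3333-4444-555555555555}"
     Version="1.0.0.0"
     SharePointMinVersion="15.0.0.0">
  <Properties>
    <Title>Sample List Writer</Title>
    <StartPage>https://remoteweb.example.com/Pages/Default.aspx?{StandardTokens}</StartPage>
  </Properties>
  <AppPrincipal>
    <RemoteWebApplication ClientId="*" />
  </AppPrincipal>
  <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write" />
  </AppPermissionRequests>
</App>
'@

# Hypothetical helper: summarises how an app authenticates and what it may do.
function Get-AppManifestAuthSummary {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ManifestXml
    )

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # manifests come from app packages: never fetch external entities
    $doc.LoadXml($ManifestXml)

    $ns = New-Object System.Xml.XmlNamespaceManager -ArgumentList $doc.NameTable
    $ns.AddNamespace('m', 'http://schemas.microsoft.com/sharepoint/2012/app/manifest')

    # The child element of <AppPrincipal> names the principal type:
    # Internal, RemoteWebApplication or AutoDeployedWebApplication.
    $principal     = $doc.SelectSingleNode('/m:App/m:AppPrincipal/m:*', $ns)
    $principalType = '(not declared)'
    $clientId      = ''
    $allowedHost   = ''
    if ($null -ne $principal) {
        $principalType = $principal.LocalName
        $clientId      = $principal.GetAttribute('ClientId')
        $allowedHost   = $principal.GetAttribute('AllowedRemoteHostUrl')
    }

    # Collect the permission requests and the app-only flag.
    $requestsNode = $doc.SelectSingleNode('/m:App/m:AppPermissionRequests', $ns)
    $appOnly      = $false
    $requests     = @()
    if ($null -ne $requestsNode) {
        $appOnly = $requestsNode.GetAttribute('AllowAppOnlyPolicy') -eq 'true'
        foreach ($node in $requestsNode.SelectNodes('m:AppPermissionRequest', $ns)) {
            $requests += New-Object psobject -Property @{
                Scope = $node.GetAttribute('Scope')
                Right = $node.GetAttribute('Right')
            }
        }
    }

    # App-only calls are not limited by the permissions of the user running the
    # app, so any requested right above Read is flagged for review here.
    $elevated = @($requests | Where-Object { $_.Right -ne 'Read' })

    New-Object psobject -Property @{
        PrincipalType        = $principalType
        ClientId             = $clientId
        AllowedRemoteHostUrl = $allowedHost
        AllowAppOnlyPolicy   = $appOnly
        Requests             = $requests
        NeedsReview          = ($appOnly -and $elevated.Count -gt 0)
    }
}

$summary = Get-AppManifestAuthSummary -ManifestXml $SampleManifest
$summary | Select-Object PrincipalType, ClientId, AllowAppOnlyPolicy, NeedsReview | Format-List
$summary.Requests | Format-Table Scope, Right -AutoSize
```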
Saturday, April 20, 2013
SharePoint2013: Shopping Cart Provider hosted app prototype
Scenario: How to develop a shopping cart provider hosted app prototype using managed CSOM
Solution: Create a provider-hosted app using the "App for SharePoint2013" template.
Add the following code to the home\landing page (.aspx) of the remote web (web application) project, within the "body\form" section.
Add the following code to the code-behind of the remote web's home\landing page.
Call the "RetrieveWithCSOM" function in Page_Load, passing it the accessToken.
The sample shopping cart prototype app UI looks like below
Note: If your remote web application is located outside the firewall, you may see a 401 error when the remote web application tries to talk back to SharePoint. In this scenario, use the cross-domain library to talk back to SharePoint.
Friday, April 12, 2013
SharePoint2013 Provider hosted app with ACS trust unable to talk back to SharePoint with Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Certificate error
Scenario: When your provider-hosted app's remote app web\web application is trying to talk back to SharePoint, you may receive an error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Certificate error.
Resolution: Although you may get this error for several reasons with SharePoint, one that worked for me within the context of the apps is: open the website in the browser and install the certificate to the local machine's trusted root authority by clicking on the "Lock" icon in the browser's address bar.
SharePoint2013 Provider hosted app with ACS trust unable to retrieve Access Token. Error message: 400 Bad Request. Token request failed
Scenario: Provider hosted app with ACS trust unable to retrieve Access Token. The request for access token failed with error: 400 Bad Request. Token request failed.
Solution: Today I came across this issue, where the app gets the context and refresh token but is unable to get the access token. The issue was that the Service Principal Name (SPN) of the SharePoint site was deleted from Azure.
As part of establishing ACS trust in an on-premises farm we need to register the web application in Azure, so that ACS trusts the web application and is prepared to accept requests from it for issuing access tokens. So if you have more than one web application in your SharePoint farm, you need to register each web application as an SPN. If your web application URL is https://sharepoint.contoso.com then your SPN would be "sharepoint.contoso.com", or if you have multiple web applications in your SharePoint farm ending with, say, "contoso.com", then you can register a wildcard SPN like "*.contoso.com".
To fix the issue, check whether the SPN is registered in Azure by running the scripts below from an Azure PowerShell window:-
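# Application principal ID of SharePoint
$SPAppPrincipalId = "00000003-0000-0ff1-ce00-000000000000"
# Azure tenant name, as set in the ACS configuration script; change it for your tenant
$SharePointAzureTenantName = "con.microsoft.com"
$ACSMetaDataEndPoint = "https://accounts.accesscontrol.windows.net/{0}/metadata/json/1" -f $SharePointAzureTenantName
# Sign in to the tenant
Connect-MsolService
$ExistingKeyIds = Get-MsolServicePrincipal -AppPrincipalId $SPAppPrincipalId
$Spns = $ExistingKeyIds.ServicePrincipalNames
# List the SPNs currently registered on the SharePoint principal
$Spns
To add the SPN, run the scripts below from an Azure PowerShell window:-
$FarmFQDN = "sharepoint.contoso.com"
# The SPN has the form <app principal ID>/<host name>
$ServicePrincipalName = "{0}/{1}" -f $SPAppPrincipalId, $FarmFQDN
$Spns.Add($ServicePrincipalName)
Set-MsolServicePrincipal -AppPrincipalId $SPAppPrincipalId -ServicePrincipalNames $Spns
Note: Replace the value of "$FarmFQDN" with the SPN of your web application.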
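Before adding an SPN it helps to know whether the web application is already covered by an exact or wildcard entry. The function below is an added example, not part of the original post: it checks a web application URL against a list of SPNs in the "{0}/{1}" form used above. The function name Test-SpnCoverage, the sample SPN list and the wildcard rule (a "*.contoso.com" entry covers hosts ending in ".contoso.com") are assumptions.

```powershell
# Added example, not from the original post. The SPN list is constructed sample
# data; on a live tenant it would come from
# (Get-MsolServicePrincipal -AppPrincipalId $SPAppPrincipalId).ServicePrincipalNames
$SampleSpns = @(
    "00000003-0000-0ff1-ce00-000000000000/*.sharepoint.com",
    "00000003-0000-0ff1-ce00-000000000000/intranet.contoso.com",
    "00000003-0000-0ff1-ce00-000000000000/*.apps.contoso.com"
)

# Hypothetical helper: reports whether a web application's host is covered.
function Test-SpnCoverage {
    param(
        [Parameter(Mandatory = $true)][string]$WebApplicationUrl,
        [Parameter(Mandatory = $true)][string[]]$ServicePrincipalNames,
        [string]$AppPrincipalId = "00000003-0000-0ff1-ce00-000000000000"
    )

    $uri = [System.Uri]$WebApplicationUrl
    if (-not $uri.IsAbsoluteUri) {
        throw "WebApplicationUrl must be an absolute URL, e.g. https://sharepoint.contoso.com"
    }

    $hostName   = $uri.Host
    $prefix     = "$AppPrincipalId/"
    $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase
    $matched    = $null

    foreach ($spn in $ServicePrincipalNames) {
        # Only entries of the form <app principal ID>/<host> are relevant
        if (-not $spn.StartsWith($prefix, $ignoreCase)) { continue }
        $name = $spn.Substring($prefix.Length)

        if ($name.StartsWith('*.')) {
            # Assumption: "*.contoso.com" covers hosts that end in ".contoso.com"
            $suffix = $name.Substring(1)
            if ($hostName.Length -gt $suffix.Length -and
                $hostName.EndsWith($suffix, $ignoreCase)) {
                $matched = $spn
                break
            }
        }
        elseif ($hostName.Equals($name, $ignoreCase)) {
            $matched = $spn
            break
        }
    }

    # When nothing matches, show the SPN that would have to be registered
    $toRegister = $null
    if ($null -eq $matched) {
        $toRegister = "{0}/{1}" -f $AppPrincipalId, $hostName
    }

    New-Object psobject -Property @{
        HostName      = $hostName
        Covered       = ($null -ne $matched)
        MatchedSpn    = $matched
        SpnToRegister = $toRegister
    }
}

# One host with no matching entry and one covered by a wildcard entry
"https://sharepoint.contoso.com", "https://portal.apps.contoso.com" | ForEach-Object {
    Test-SpnCoverage -WebApplicationUrl $_ -ServicePrincipalNames $SampleSpns
} | Format-Table HostName, Covered, MatchedSpn, SpnToRegister -AutoSize
```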
Thursday, March 21, 2013
SharePoint2013: ProviderHosted app, You can't add this app here: sorry apps are turned off
Scenario: When I tried to add a ProviderHosted app with ACS trust to a SharePoint site from the app catalog, the app itself was disabled with the message "You can't add this app here". Clicking on "find out why" displayed the message "sorry, apps are turned off. if you know who runs the server, tell them to enable apps".
Solution: When we see this message with SharePoint-hosted apps, the resolution is to check that the app domain has been created, that both the App Management and Subscription Settings services have been created and started, that app URLs have been configured from Central Admin, and that app routing is enabled, either by creating an additional binding on the web app or by creating an additional web app for app routing.
But most of the above settings are not required for ProviderHosted apps: an app domain is not required for provider-hosted apps, and you need not "Configure App URLs" from CA. Then what might be the issue with ProviderHosted apps? So far I have uncovered two reasons why we encounter the error message "sorry, apps are turned off. if you know who runs the server, tell them to enable apps". They are as follows:-
1. For provider-hosted apps to run with ACS as trust broker, we need to replace the default SharePoint STS cert with a self-signed cert or a publicly owned cert, and this cert has to be uploaded to the Azure/Office 365 tenancy. In my case the error message was showing up because the cert was not uploaded to the Azure/Office 365 tenancy.
2. Another reason might be that your STS cert has expired, in which case you might have to get a new cert or renew the existing cert and register the new cert with Azure/Office 365.
Wednesday, March 20, 2013
SharePoint2013: Debugging Provider Hosted Apps
Scenario: You have developed a provider-hosted app and installed the app (.app package) on a SharePoint site and its app web on a remote machine. How do you debug it to figure out issues?
Solution: You need to have Visual Studio installed on the remote machine to debug.
Follow the steps below for debugging provider-hosted apps:-
1. Log on to the remote machine where you have installed the app web.
2. Open the app web using Visual Studio as administrator and set a breakpoint.
3. Log on to AP or FE and, using a browser, navigate to the site on which you have installed the app.
4. Back on the remote machine, in Visual Studio go to Debug-->Attach to Process and attach w3wp.
5. Now on the AP and FE server click on the app.
6. On the remote machine you will see your breakpoint being hit.
Another way to debug is to use the IE developer toolbar (F12 developer tools): go to the "Script" tab and click on "Start debugging".
Monday, March 18, 2013
How to replace default SharePoint STS certificate
Scenario: How to replace default SharePoint STS certificate
Solution:
# Replacement certificate with its private key (.pfx file)
$certPrkPath = "<path to replacement certificate (.pfx file)>"
# 20 = X509KeyStorageFlags Exportable (4) + PersistKeySet (16)
$stsCertificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPrkPath, "<replacement certificate password>", 20
# Import the certificate as the STS signing certificate
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCertificate -Confirm:$false
The above script replaces the default STS certificate on all AP and FE servers in the SharePoint farm and places it in the SharePoint trusted root authority in the MMC console of all AP and FE servers.
Thursday, March 14, 2013
SharePoint2013 Provider Hosted App and Chrome Control
Scenario: How to apply SharePoint look and feel for ProviderHosted App's remote web application
Solution: You have hosted a ProviderHosted app's remote web application on a remote machine. To apply SharePoint branding to it:-
1. Add the below script tag in the "<head>" section
<script src="Scripts/sp.ui.controls.js" type="text/javascript"></script>
2. Open the landing page/start page of the remote app web application and add a "chrome" control to the *.aspx page as below, in the "<head>" or "<body>" section.
<div id="chrome_ctrl_container" data-ms-control="SP.UI.Controls.Navigation" data-ms-options='{"appTitle" : "BasicSelfHostedApp"}'></div>
Now the SharePoint style sheet will be available to your web application through the chrome control. Add the below line to the *.aspx page to see it in action.
<h2 class="ms-accentText">SharePoint Site:</h2>
Tuesday, March 12, 2013
SharePoint2013 providerhosted app with ACS error : The parameter 'token' cannot be a null or empty string
Scenario: Today, when I hosted the ProviderHosted app web application (the stand-alone ASP.NET web application which is part of the ProviderHosted app solution) on a remote machine and installed or added the app (.app) on a SharePoint farm, I was greeted with the following error.
Error message while navigating to a remote machine on which the ProviderHosted app web application is hosted:-
The parameter 'token' cannot be a null or empty string.
Following is the welcome error message when I click on the ProviderHosted app from the SharePoint farm/site:-
Resolution: Although a similar error message is shown for several other reasons, looking at these things may help you fix the issue. Basically you need internet access on the remote machine on which you are hosting the ProviderHosted app web application, so that it can talk to ACS and get the context token, access token and refresh token, and also talk back to the SharePoint farm to get host web properties of a SharePoint site such as site title, site lists, logged-in user etc.
Depending on how your environment and DNS settings are configured, you might have to add the following section (in case you do not have internet connectivity on the remote machine) to the web.config of the remote ProviderHosted app web application (the stand-alone ASP.NET web application which is part of the ProviderHosted app solution) hosted on the remote machine.
<system.net>
  <defaultProxy>
    <proxy usesystemdefault="True" proxyaddress="http://internetaccessProxySite.com"/>
    <bypasslist>
      <add address="https://mysharepointsite.com"></add>
    </bypasslist>
  </defaultProxy>
</system.net>
Remove/comment out the complete <system.serviceModel> section in the web.config of the remote ProviderHosted app web application.
Make sure that the current logged-in user has the required permissions on the SharePoint site. Otherwise an access denied error may be thrown when your remote app web tries to read SharePoint data.
SharePoint2013 farm is broken (page cannot be displayed error message) after ACS configuration
Scenario: SharePoint 2013 farm is broken after ACS configuration. Part of ACS configuration involves replacing the OOB STS certificate with a custom or self-signed cert. But after replacing the default STS cert with a self-signed cert, you may notice that navigating to any of the sites displays a page not found error.
At this point you may see following error message in the event viewer:-
An operation failed because the following certificate has validation errors:
Subject Name: CN=providerhosted.app.com
Issuer Name: CN=providerhosted.app.com
Thumbprint: AH65B00PL
Errors:
The root of the certificate chain is not a trusted root authority..
Resolution: Install the cert to "SharePoint trusted root authority", from CA-->Security-->Manage trust.
Friday, March 8, 2013
SharePoint2013 installing an app to multiple site collections
Scenario: How to install an app to multiple site collections
Resolution:
1) Navigate to your "appcatalog" site.
2) On Quick Launch click on "Site Contents".
3) Click on "add an app".
4) Select an app and add it; wait until it installs.
5) Now from the Site Contents page hover over the app. You should see the below screen.
6) Click on "Deployment" as in the above screen shot. The "Manage App Deployments" page opens up as in the below screen shot.
7) Enter the site collection URL and click on Add. You can add multiple site collection URLs.
8) Finally click OK. Your app will now be installed to the site collections you specified.
Thursday, March 7, 2013
SharePoint2013 Site prompts for credentials
Scenario: When navigating to a Site SharePoint repeatedly prompts for credentials
Resolution:
1) In Internet Explorer, open the “Internet Options” menu, go to the "Security" tab and add your SharePoint site URL to the list of Intranet sites.
2) Navigate to Internet Options-->Security, click on "Custom Level" and under "User Authentication" change “Automatic logon only in Intranet Zone” to “Automatic logon with current username and password”.
3) Restart IE and browse to the site.
Thursday, February 7, 2013
SharePoint 2013 Provider-hosted Apps: The specified application identifier is invalid or does not exist
Scenario: When you are trying to install a provider-hosted .app package provided by a third party, or when moving your app package from a development machine to a test or production machine and trying to install your app, you may hit the below error message, as I have today:-
The specified application identifier cbd25585-947e-4b9d-8686-ed695101ed9a is invalid or does not exist.
Resolution1: Run all of the below commands in the SharePoint 2013 Management Shell:-
# Public certificate (.cer) of the app's signing certificate
$publicCertPath = "C:\AppCerts\HighTrustSampleCert.cer"
# ID reported in the error message
$appId = "cbd25585-947e-4b9d-8686-ed695101ed9a"
$spurl = "https://mycompany.com/"
$spweb = Get-SPWeb $spurl
$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
$certificate = Get-PfxCertificate $publicCertPath
# The issuer name has the form <app ID>@<realm>
$fullAppIdentifier = $appId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name "TheaterCompany" -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName "TheaterCompany"
# Grants the app principal FullControl on the site collection; -Right also accepts Read, Write and Manage
Set-SPAppPrincipalPermission -Site $spweb -AppPrincipal $appPrincipal -Scope Site -Right FullControl
Note: Before running the above commands, replace the $appId with the ID reported in the error message. Also modify other variables like $spurl etc. as per your environment.
Resolution2 (Recommended): To avoid the above error message, create a ClientID and ClientSecret using the "_layouts/15/appregnew.aspx" page. Basically, you need to register your app on the target SharePoint farm where you intend to deploy your app, and then use the generated ClientID and ClientSecret while packaging your app in your dev environment.
Wednesday, January 30, 2013
SharePoint 2013 Provider Hosted App referencing\loading ASP.Net web application deployed to another server\machine not part of 2013 farm using server to server (S2S) trust
Scenario: In this post I will be explaining the process of loading an ASP.NET web application deployed to a remote server (the remote server is not part of the SharePoint farm) into a SharePoint provider-hosted app using server-to-server (S2S) trust. The provider-hosted app is deployed to the SharePoint 2013 farm.
9. Go to IIS Manager, expand Sites. Right click on the SSL-enabled web application you created as part of the prerequisites and click on “Edit Bindings”. Here create a new “https” binding, select port 443 and select “test” for the SSL certificate as shown in the below screen shot and click “Ok”.
The remote web application will have all the UI and business logic.
Prerequisites:
1. You need to have a SharePoint 2013 farm up and running.
2. Ensure that the App Management service and User Profile service applications are started.
3. Visual Studio 2012 installed on the remote server and the SharePoint dev environment.
4. Install the Visual Studio app templates on your SharePoint 2013 dev environment. You can download the app dev templates from here under “Tools”:
5. Create an SSL-enabled web application in the SharePoint 2013 farm; this is the site you will deploy your provider-hosted app to.
Walkthrough:
Log on to the SharePoint 2013 machine and do the following:
1. Create a self-signed certificate in IIS as shown in the screenshot below, name it, say, ‘test’, and click “Ok”.
2. Right-click the newly created certificate ‘test’ in IIS and select “Export”. The “Export Certificate” wizard will open as shown in the screenshot below. Here provide the path to save to on disk, type the password and click Ok. The certificate will be stored with a .pfx extension in that location.
3. Within IIS double-click the “test” certificate; the “Certificate” wizard will open as shown in the screenshot below. Go to the “Details” tab and click “Copy to File”. Click “Next” three times with the default values selected, as shown in the screenshot below. Here browse to the location where you want to save this certificate, give it the name test.cer and click “Save”. Click “Next” and click “Finish”.
4. Now copy the “test.cer” created in step 3 to the remote VM\machine where you want to host the remote web application containing the UI and business logic for the SharePoint app.
5. On your SharePoint dev environment open Visual Studio 2012 as administrator, click File → New Project, and under “Other Project types” select “Visual Studio Solutions”, give the project a name, say “test”, and click “Ok”. Now right-click the solution “test” in Solution Explorer, go to Add → New Project, under “Office/SharePoint” click “Apps”, select the “App for Sharepoint 2013” template, give it a name, say “test1”, and click “Ok”. The “New App for SharePoint” wizard will open as shown in the screenshot below. Fill in the other details as shown in the screenshot and click “Next”. The “Configure authentication settings” wizard will open as shown in the screenshot below. Here select the “Use a certificate” option and in “Certificate location” select the path where you stored the “test.pfx” file in step 2. Type the password you gave previously. For the “Issuer ID” generate a GUID from Visual Studio, convert it to lower case and paste it. Make a note of the “Issuer ID” GUID; you need it later. Click “Finish”.
Note: the “Issuer ID” GUID must be entirely in lower case; if it is not, make it lower case.
6. Now go to “AppManifest.xml” and update the “ClientId” value “*” with the “Issuer ID” GUID from step 5.
7. Update the “StartPage” value in “AppManifest.xml” with the landing page of the web application hosted on the remote web server. It should look similar to below
Where “11.200.217.176” is the IP address of the remote web server/machine where the remote web application is installed.
8. Open SharePoint 2013 Management Shell and execute the cmdlets below:
# Values to fill in (explained below the script)
$publicCertPath = "<cert path>"
$appId = "<Issuer ID/Client ID>"
$spurl = "https://mycompany.com/"
$spweb = Get-SPWeb $spurl
# The authentication realm of the target site is the second half of the issuer name
$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
$certificate = Get-PfxCertificate $publicCertPath
$fullAppIdentifier = $appId + '@' + $realm
# Register the certificate as a trusted security token issuer
New-SPTrustedSecurityTokenIssuer -Name "Test1" -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier
# Register the app principal and grant it Full Control on the site
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName "Test1"
Set-SPAppPrincipalPermission -Site $spweb -AppPrincipal $appPrincipal -Scope Site -Right FullControl
Where "<cert path>" is the path where you stored the certificates in step 2, "<Issuer ID/Client ID>" is the lower-case GUID created in step 5, and “$spurl” is the site you want to install/debug your app to. Press “Enter” in the O15 Management Shell.
10. Now in Visual Studio 2012 press Ctrl+F5 to deploy the app to the SharePoint site. On successful deployment, when you click on the app the “remote web application” landing page will be loaded.
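A read-only check of the trust that step 8 creates, as an added example that is not part of the original post: it confirms the Issuer ID is a lower-case GUID, that the registered issuer name matches `<issuer id>@<realm>`, and that the signing certificate is within its validity period. The function name `Test-S2STrust` and its parameters are hypothetical; the trust name "Test1" is taken from step 8.

```powershell
# Added example: read-only check of the S2S trust created in step 8.
# Usage: Test-S2STrust -AppId "<Issuer ID/Client ID>" -SiteUrl "https://mycompany.com/"
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-S2STrust {
    param(
        [Parameter(Mandatory = $true)] [string] $AppId,
        [Parameter(Mandatory = $true)] [string] $SiteUrl,
        [string] $IssuerName = "Test1",   # assumption: name used in step 8
        [int] $WarnDays = 30
    )
    $findings = @()

    # Step 5 note: the Issuer ID must be a GUID written entirely in lower case.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($AppId, [ref] $parsed)) {
        $findings += "Issuer ID '$AppId' is not a GUID"
    }
    if ($AppId -cne $AppId.ToLowerInvariant()) {
        $findings += "Issuer ID contains upper-case characters"
    }

    $web = Get-SPWeb $SiteUrl
    try {
        # Same identifier that step 8 builds: <issuer id>@<realm>
        $realm = Get-SPAuthenticationRealm -ServiceContext $web.Site
        $expected = $AppId + '@' + $realm

        $issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $IssuerName }
        if (-not $issuer) {
            $findings += "No trusted security token issuer named '$IssuerName'"
            return $findings
        }
        if ($issuer.RegisteredIssuerName -ne $expected) {
            $findings += "RegisteredIssuerName is '$($issuer.RegisteredIssuerName)', expected '$expected'"
        }

        $cert = $issuer.SigningCertificate
        $now = Get-Date
        if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
            $findings += "Signing certificate $($cert.Thumbprint) is outside its validity period"
        } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
            $findings += "Signing certificate expires on $($cert.NotAfter.ToString('u'))"
        }
        if ($cert.Subject -eq $cert.Issuer) {
            $findings += "Signing certificate is self-signed (development setup)"
        }
    } finally { $web.Dispose() }
    return $findings
}
```

An empty result means none of the checks fired; the function changes nothing in the farm.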
Deploying or installing the web application on the remote web server.
The web application on the remote web server can be developed using any technology, but here I am using .NET and the IIS web server.
1. Log on to the remote web server.
2. Open Visual Studio 2010 as administrator and create a new project with “ASP.Net Web Forms Application”; name it, say, “test”.
3. In Solution Explorer go to the “default.aspx” page, find the <asp:Content> tag with ID=”BodyContent”, clear all the code inside this <asp:Content> and place a button with an “onClick” event. Go to the button's code view and in its click event type some text like “Hello from remote web app”.
4. Build the solution.
5. After a successful build, in Solution Explorer select the “test” project, right-click, select “Publish” and publish it to IIS. The detailed steps on how to publish the web application to IIS using Visual Studio can be found here:-
Alternatively, you can use Web Platform Installer 4.0 and the Web Deploy component to publish the web application to IIS.
6. Open IIS Manager on the remote web server and go to the site to which you published the web application in step 5. Click “Bindings” under “Actions”, add an “https” binding with port 443 and select the “test.cer” certificate (the test.cer certificate must be copied from the SharePoint 2013 farm and must be imported to IIS to be used on the remote web server).
The above demonstration is from a developer's point of view, which can be easily extended to production environments.
Tuesday, January 29, 2013
SharePoint2013: How to add an app from App Catalog to a site
Scenario: How to add an app to a site from App Catalog.
Solution: On the site collection click "Site Contents", then click "add an app". Then from the "Quick launch navigation" on the left click "From Your Organization" as shown in the screenshot below:-
If you have uploaded the app to your Organization's app catalog, you should see it now. You then just click on your app to add it on to your site.
Saturday, January 26, 2013
SharePoint 2013 Provider hosted high trust app server returned an error: (401) Unauthorized or 403 forbidden
Scenario: While deploying a provider-hosted high-trust app to an http site on port 80 (not https), I got 401 and 403 Forbidden errors.
Solution: If you get this error, check the following:-
1. There is no user profile created for the user the app is acting on behalf of. Ensure that you have created a user profile for the user accessing the remote app.
2. Your app certificate was not added to the trusted certificate store.
3. Your .NET web application is accepting anonymous requests. This means there is not a real user identity in the access token. Ensure that the root directory of your remote web app has anonymous access disabled in IIS.
If none of the above worked for you, then run the command below in "SharePoint 2013 Management Shell":-
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()
The above command will turn off the HTTPS
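With AllowOAuthOverHttp set to $true, OAuth access tokens sent to any HTTP URL of the farm cross the network unencrypted, so it helps to know where that applies and to restore the default once testing is done. The following is an added example, not part of the original post; the function name `Get-OAuthOverHttpExposure` and its `-Revert` switch are hypothetical.

```powershell
# Added example: report where OAuth over HTTP is in effect; -Revert restores the default.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-OAuthOverHttpExposure {
    param([switch] $Revert)

    $sts = Get-SPSecurityTokenServiceConfig

    # Every incoming URL (all zones of every web application) served over plain HTTP.
    $httpUrls = @(Get-SPWebApplication | ForEach-Object {
        Get-SPAlternateURL -WebApplication $_ |
            Where-Object { $_.IncomingUrl -like "http://*" } |
            ForEach-Object { $_.IncomingUrl }
    })

    # State as found, before any change is made.
    $report = New-Object PSObject -Property @{
        AllowOAuthOverHttp = $sts.AllowOAuthOverHttp
        HttpUrls           = $httpUrls
        HttpOAuthPossible  = ($sts.AllowOAuthOverHttp -and $httpUrls.Count -gt 0)
    }

    if ($Revert -and $sts.AllowOAuthOverHttp) {
        # Same object and Update() call as in the post, with the value set back to $false.
        $sts.AllowOAuthOverHttp = $false
        $sts.Update()
    }
    return $report
}
```

Run it without arguments to audit only; run it with `-Revert` on any farm that is not an isolated development environment.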
SharePoint 2013 "Error occurred in deployment step 'Install app for SharePoint': The System Account cannot perform this action"
Scenario: When I was trying to deploy an app to a SharePoint 2013 farm, I got the error message below:
"Error occurred in deployment step 'Install app for SharePoint': The System Account cannot perform this action".
Solution: One approach that I would suggest to get rid of the above error is to have two accounts:-
1. Have a system account; this account should be added to the Administrators group of the SharePoint machine/VM.
2. While creating the SharePoint 2013 farm (i.e. while joining to a new farm), use a different account, other than the system account used in step 1.
So basically, when you log in to your SharePoint VM/machine you log in with the account from step 1. But the farm admin and all of your application pools must be running under the account created in step 2.
Note: If you try to change the app pool account from IIS Manager to a different account after the farm has been created, it may not work; at least it didn't work for me.
One way to check that this setting has worked for you is to look at the "WelcomeMenu" at the top right of the SharePoint site; it should show you the account from step 1. It should not display "System Account" on the welcome menu.
Thursday, January 3, 2013
SharePoint implementing Application pages security using object model code
Scenario: Restricting Application page content to be viewed only by logged in user(s) who have full control
Solution:
// requires: using Microsoft.SharePoint;
SPWeb myWeb = SPContext.Current.Web;
// get the permission levels of the logged-in user
SPRoleDefinitionBindingCollection userPermissions = myWeb.AllRolesForCurrentUser;
// get all the permission levels defined on the current web
SPRoleDefinitionCollection sitePermissionCollection = myWeb.RoleDefinitions;
SPRoleDefinition roleDef = sitePermissionCollection["Full Control"];
if (userPermissions.Contains(roleDef))
{
    // show content only to users who have Full Control
}
Delete\Remove custom Site Columns using SharePoint object model
Scenario: Delete\Remove Site Columns using SharePoint Object model code
Solution: Add a feature receiver and in FeatureUninstalling write the code below
// requires: using System; using Microsoft.SharePoint;
SPWeb myWeb = properties.Feature.Parent as SPWeb;
// the string indexer looks a field up by display name, so pass the ID as a Guid
myWeb.Fields[new Guid("{GUID of Site column to delete}")].Delete();
SharePoint2013 Enable Licensing and office webapps editing for all SAML custom claims provider users
Scenario: How to enable licensing\ Office webapps edit for all SAML custom claims provider users
Solution: In SharePoint 2013 Management Shell execute the commands below:
1)
$allCustomProviderUsers = New-SPClaimsPrincipal -EncodedClaim "c:0!.s|trusted%3aCustomClaimsProvidername"
Get-SPWebApplication | select Url | %{ New-SPUserLicenseMapping -Claim $allCustomProviderUsers -License "Enterprise" -WebApplication $_.Url | Add-SPUserLicenseMapping }
Enable-SPUserLicensing
2)
$allCustomProvideraccount = New-SPClaimsPrincipal -EncodedClaim "c:0!.s|trusted%3aCustomClaimsProvidername"
Get-SPWebApplication | select Url | %{ New-SPUserLicenseMapping -Claim $allCustomProvideraccount -License "OfficeWebAppsEdit" -WebApplication $_.Url | Add-SPUserLicenseMapping }
Replace "CustomClaimsProvidername" with your custom claims provider name in your environment.