Setting up Provider hosted apps environment with SharePoint 2013
Step By Step Guide
SharePoint Central Admin Prerequisites
In SharePoint Central Admin you must have the following service applications provisioned and started:
· Subscription Service Application with proxy
· Subscription Settings Service instance started
· Application Management Service Application and proxy
· App Management Service instance started
· User Profile Service started
Prerequisites (need to check whether we need to set up ADFS on the INT environment?)
1. SharePoint 2013 server is ready with apps configured.
2. ADFS 3.0 server is ready with the realm set to SharePoint.
3. ADFS is registered with SharePoint as a trusted identity provider.
4. ADFS 3.0 server is ready with the realm set to the ASP.NET provider hosted app.
5. Server is ready for hosting the ASP.NET provider hosted app.
6. Load balancer is configured for the provider hosted web application.
7. Certificate is available in both its private and public parts, along with the password.
Step 1: Create a Certificate
1. In the development environment you can use a self-signed certificate, but you will need a commercial certificate when you publish your apps to the Store. So we will create a self-signed one. In IIS Manager, click on Server Certificates.
2. Click on Create Self-Signed Certificate.
3. Enter a meaningful name like HighTrustCert and click on OK.
4. Now we need to export the Personal Information Exchange (.pfx) file. Right-click the certificate in IIS, click on Export and provide an accessible location. Also enter the password that you want to use and click on OK.
5. Next, double-click the certificate in IIS. Click on the Details tab and click on Copy to File.
6. Now you should see the Certificate Export Wizard (remember, earlier we exported the .pfx file). The first screen explains the significance of what we are doing. Keep clicking Next across the three screens; the screenshots below demonstrate the same. I keep all the default options. Just one thing to note: now we are exporting the .cer file. I choose the same location. Click on Save.
And finally, click on Finish. You should see the message “The export was successful”.
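The same Step 1 can be scripted instead of clicked through in IIS Manager. The script below is an added example, not part of the original guide; it creates the self-signed certificate in the machine Personal store and exports the .pfx (private key plus certificate) and the .cer (public part only) that the later steps need. The certificate name HighTrustCert comes from the guide; the export folder C:\Certs is an assumed placeholder, and the password is prompted for rather than written into the script.

```powershell
# Added example (not from the original guide): Step 1 done in PowerShell on the
# IIS/web server. Assumed values: export folder C:\Certs is a placeholder.
$certName  = "HighTrustCert"
$exportDir = "C:\Certs"
$pfxPath   = Join-Path $exportDir "$certName.pfx"   # private key + public certificate
$cerPath   = Join-Path $exportDir "$certName.cer"   # public certificate only

New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

# Create the self-signed certificate in the machine Personal store, the same
# store IIS Manager's "Create Self-Signed Certificate" uses.
$cert = New-SelfSignedCertificate -DnsName $certName -CertStoreLocation "Cert:\LocalMachine\My"

# Ask for the PFX password instead of hard-coding it in the script.
$pfxPassword = Read-Host -Prompt "Password for $pfxPath" -AsSecureString

# .pfx: carries the private key; it belongs on the app server only and must be
# protected with the password (this is the file Visual Studio asks for in Step 3).
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# .cer: public part only; this is what SharePoint receives in Step 2.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# Confirm both files exist and record the thumbprint to compare against later.
Get-Item $pfxPath, $cerPath | Select-Object Name, Length
"Thumbprint: $($cert.Thumbprint)"
```

Keep the thumbprint it prints: after Step 2 you can compare it with the certificate SharePoint shows under its trusted root authorities to confirm the right file was registered.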
Step 2: Run Windows PowerShell cmdlets to set up trusted security token service
1. Run the SharePoint 2013 Management Shell as administrator. First things first, you need an Issuer ID. An important point: it has to be lowercase only.
Create a GUID with Visual Studio. Make sure all letters are lowercase, e.g. 7591c7a2-cc56-40ef-8f71-20a4d8450ed7
2. Run the below PowerShell cmdlets to create the trusted security token service.
This will add the certificate to both the Personal store and the Trusted Root Certification Authorities store in MMC. To verify, go to your Trusted Root Certification Authorities store and you should see your certificate there.
Significance / additional info of the cmdlets
issuerID: the GUID generated in the previous step
publicCertPath: the path where I saved my .cer file
web: your Developer site URL
realm: should be the same as your farm ID
New-SPTrustedSecurityTokenIssuer: just a tip, when you use the Name parameter it can be helpful to include a readable name, such as “High Trust App” or “Contoso S2S apps”, instead of the issuer ID.
IsTrustBroker: this flag ensures that you can use the same certificate for other apps as well. If you don’t include it, you might receive the “The issuer of the token is not a trusted issuer” error. So we have two possible approaches, each with its own pros and cons, i.e. use the same certificate shared by multiple apps, or use a separate certificate for each app. Read additional details at Guidelines for using certificates in high-trust apps for SharePoint 2013.
iisreset: to ensure the issuer becomes valid immediately, else it takes 24 hours.
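The cmdlets described above, written out as a complete script. This is an added example, not the guide's own screenshot script; it uses the variable names the guide lists (issuerID, publicCertPath, web, realm). The .cer path, the issuer GUID and the site URL are assumed placeholders to replace with your own. The realm is read with Get-SPAuthenticationRealm, which by default returns the farm ID the guide refers to, and the script checks the issuer ID is lowercase before registering anything.

```powershell
# Added example (not from the original guide): register the high-trust
# certificate with SharePoint 2013 as a trusted root authority and as a trusted
# security token issuer. Run in the SharePoint 2013 Management Shell as admin.
# Assumed placeholders: $publicCertPath, $issuerID and $webUrl.
$publicCertPath = "C:\Certs\HighTrustCert.cer"              # public part only (.cer)
$issuerID       = "7591c7a2-cc56-40ef-8f71-20a4d8450ed7"    # must be all lowercase
$webUrl         = "http://sharepoint.contoso.com"           # your Developer site URL

# Stop early if the issuer ID contains uppercase letters; a mixed-case ID is a
# common cause of the "not a trusted issuer" error and is painful to find later.
if ($issuerID -cne $issuerID.ToLowerInvariant()) {
    throw "Issuer ID must be lowercase: $issuerID"
}

$web   = Get-SPWeb $webUrl
$realm = Get-SPAuthenticationRealm -ServiceContext $web.Site   # equals the farm ID by default
$certificate = Get-PfxCertificate $publicCertPath              # reads .cer files as well

# 1. Trust the certificate: adds it to SharePoint's trusted root authorities.
New-SPTrustedRootAuthority -Name "HighTrustCert" -Certificate $certificate | Out-Null

# 2. Register the issuer as <issuerID>@<realm>. -IsTrustBroker allows the same
#    certificate to be shared by several apps (see the note on IsTrustBroker above).
$fullIssuerIdentifier = "$issuerID@$realm"
New-SPTrustedSecurityTokenIssuer -Name "High Trust App" `
    -Certificate $certificate `
    -RegisteredIssuerName $fullIssuerIdentifier `
    -IsTrustBroker | Out-Null

# 3. Verify what was registered before resetting IIS.
Get-SPTrustedSecurityTokenIssuer |
    Where-Object { $_.RegisteredIssuerName -eq $fullIssuerIdentifier } |
    Select-Object Name, RegisteredIssuerName, IsSelfIssuer
Get-SPTrustedRootAuthority -Identity "HighTrustCert" |
    Select-Object Name, @{ n = "Thumbprint"; e = { $_.Certificate.Thumbprint } }

# 4. Make the issuer valid immediately instead of waiting for the 24-hour cache expiry.
iisreset
```

The thumbprint printed in step 3 should match the one of the certificate you exported in Step 1; a mismatch means a different .cer was registered.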
Additionally, you can turn off the HTTPS requirement for OAuth using the PowerShell cmdlets below. But make sure to turn it back on afterwards by changing $true to $false in the second cmdlet and running the cmdlets again.
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true   # set back to $false to require HTTPS again
$serviceConfig.Update()                      # required; without it the change is not saved
Refer to the screenshot below for the complete steps:
Step 3: Create a Simple “High Trust” Provider Hosted App using Visual Studio 2012 (DEVELOPMENT)
1. Click New Project -> App for SharePoint 2013.
2. Select ASP.NET MVC web app.
3. Now select the PFX certificate generated in the last step. Provide the password and the Issuer ID.
4. This will create a new MVC project.
5. Visual Studio has now created two projects within the same solution. MVCApp1 is the SharePoint app and MVCApp1Web is the remote web app. The only artifact of MVCApp1 is the appmanifest.xml. This is similar to what feature.xml is to a WSP: we provide the version, permission and start page details of the app.
6. Make sure Windows authentication is enabled for the web project, and check the other settings as well.
7. Now you can directly debug the app by pressing F5. Log in to the app using your Windows credentials and trust the app. This will lead to the sample app hosted from VS2013 if all the settings are right.
Step 4: Create App Domain and Set for SharePoint (DEPLOYMENT)
Configure App Domain
1. Create the App Catalog site: in Central Admin go to Apps – Manage App Catalog and create a new site collection.
2. Configure App URLs.
If you get the message “The Subscription Settings service and corresponding application and proxy needs to be running in order to make changes to these settings”:
Run the below PowerShell script to create a new service application for the Subscription Settings service. The service instance is already running, but the service application is missing.
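The situation described above (service instance running, service application and proxy missing) can be fixed with the script below. It is an added example, not the guide's own script: it starts the two service instances if needed, provisions the Subscription Settings and App Management service applications with their proxies, and then configures the App URLs from Step 4. The managed account, application pool name, database names, app domain and app prefix are assumed placeholders to replace with your own; run it in the SharePoint 2013 Management Shell as administrator.

```powershell
# Added example (not from the original guide): provision the Subscription
# Settings and App Management service applications plus proxies, then set the
# app domain and prefix. Assumed placeholders: managed account, pool name,
# database names, $appDomain and $appPrefix.
$managedAccount = Get-SPManagedAccount "CONTOSO\spservices"   # existing managed account
$poolName       = "SettingsServiceAppPool"
$appDomain      = "apps.contoso.com"                           # DNS zone created for apps
$appPrefix      = "app"                                        # app URL prefix

# Start the two service instances on this server if they are not online yet.
Get-SPServiceInstance |
    Where-Object { $_.GetType().Name -eq "AppManagementServiceInstance" -or
                   $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance" } |
    Where-Object { $_.Status -ne "Online" } |
    Start-SPServiceInstance | Out-Null

# Reuse the application pool if it exists, otherwise create it.
$appPool = Get-SPServiceApplicationPool -Identity $poolName -ErrorAction SilentlyContinue
if (-not $appPool) {
    $appPool = New-SPServiceApplicationPool -Name $poolName -Account $managedAccount
}

# Subscription Settings service application + proxy: the piece the Central
# Admin error message says is missing when only the instance is running.
$subSvc = Get-SPServiceApplication | Where-Object { $_.TypeName -like "*Subscription Settings*" }
if (-not $subSvc) {
    $subSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPool `
        -Name "SettingsServiceApp" -DatabaseName "SP2013_SubscriptionSettings"
    New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $subSvc | Out-Null
}

# App Management service application + proxy.
$appMgmt = Get-SPServiceApplication | Where-Object { $_.TypeName -like "*App Management*" }
if (-not $appMgmt) {
    $appMgmt = New-SPAppManagementServiceApplication -ApplicationPool $appPool `
        -Name "AppServiceApp" -DatabaseName "SP2013_AppManagement"
    New-SPAppManagementServiceApplicationProxy -ServiceApplication $appMgmt | Out-Null
}

# Configure App URLs (the same settings as the Central Admin page that raised the error).
Set-SPAppDomain $appDomain
Set-SPAppSiteSubscriptionName -Name $appPrefix -Confirm:$false

# Verify the result.
Get-SPAppDomain
Get-SPAppSiteSubscriptionName
```

After the script completes, the Configure App URLs page in Central Admin should accept changes, and the two Get- cmdlets at the end should print the app domain and prefix you set.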