
Microsoft SharePoint 2013 : Application Authentication (part 1) - Cloud App Model, OAuth

11/29/2014 8:19:22 PM

This section begins with a brief overview of the new Cloud App Model. This is followed by a discussion of the critical role that OAuth plays in SharePoint 2013 authentication. The section concludes with two examples that illustrate the use and process of app authentication, including a detailed discussion of the OAuth process.

Cloud App Model

The new SharePoint 2013 Cloud App Model enables developers to provide solutions, called apps in the new terminology, to extend the capabilities of SharePoint 2013. The new app model describes a new paradigm for a solution that is self-contained, installs and uninstalls easily, does not negatively impact SharePoint performance, is applicable to SharePoint 2013 on-premises or in the cloud, and is easy to use. Like it or not, this is the new world. Two key points are pertinent to our discussion:

  • SharePoint apps refer to complete solutions for customizing SharePoint 2013 that were created using the new app model.
  • SharePoint apps require claims authentication on the SharePoint web application.

SharePoint apps can be obtained from one of two sources: the Office Store (sometimes also referred to as the SharePoint Store), located publicly on the Internet and managed by Microsoft, and an enterprise application store located inside the SharePoint 2013 farm known as the app catalog. An app catalog is created within a SharePoint 2013 web application. The important point here is that these app locations are installation points for the app; the app is not installed in the store. The store is where administrators and any users with the proper permissions go to install an app, or download the app for inclusion in the app catalog.


One of the key drivers for the new app model is to ensure that SharePoint apps do not negatively affect the performance of the SharePoint environment, and therefore they are applicable to both on-premises environments owned by corporations, and public, multi-tenant environments such as Office 365. This is accomplished by not allowing any of the actual code from the app to be installed inside the SharePoint environment; SharePoint does not host the app. The SharePoint app is hosted in one of three places:

  • Provider-hosted — This type of app is hosted on a separate set of servers from the SharePoint farm. These servers can be located on-premises as part of the corporate enterprise or hosted in the cloud.
  • Autohosted in Windows Azure — This is only available for SharePoint 2013 Online, which is part of Office 365. The app runs as a web role in Windows Azure, and uses ACS to obtain the security token.
  • SharePoint-hosted — The app is hosted in a SharePoint 2013 website that is part of the site collection where the app is installed. This has historically been referred to as a subsite, but in the app model it is referred to as a subweb or app web. In a multi-tenant scenario such as SharePoint 2013 Online, the app runs in the app catalog.

The administrator should note that apps running on-premises are either provider-hosted or SharePoint-hosted. Every authentication method is supported by on-premises apps with one very notable exception: SAML authentication is supported only for certain identity providers.

OAuth

The flexibility of the app model means that components of an application could be in SharePoint, on an app server on the corporate intranet, or hosted on the public Internet. If these components request secured SharePoint resources, then these requests need to be authenticated. SharePoint 2013 uses OAuth 2.0 to allow applications to access SharePoint resources in one of three ways:

  • With the combined permissions of the application and the user
  • With only the permissions of the application
  • With only the permissions of the user

Resource access is enabled by defining a trust relationship between the application and SharePoint 2013. If necessary, it also uses a relationship between SharePoint 2013 and Windows Azure Access Control Service (ACS). These trust relationships are very similar to how SharePoint interacts with an STS in the user authentication scenario. Note the following key points about OAuth’s role in SharePoint authentication:

  • OAuth enables users to approve an application to act on their behalf without sharing their username and password.
  • OAuth is used only for access tokens that are used to retrieve data from SharePoint 2013. In the context of the app model, this means it is used to authorize app requests for SharePoint resources.
  • App permissions are based on trust, and are granted upon initial installation of the app.
  • Apps installed from the SharePoint Store can use ACS as their STS.
  • OAuth is not used for user authentication.
  • OAuth is used as part of the server-to-server authentication capability.
  • OAuth is used as part of the “app authentication” process, which is discussed in the next section.
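
Because app permissions are granted at installation, the permission block of an app's AppManifest.xml is what an administrator should review before trusting the app. The following is an added example, not code from the original article: a small Python reviewer that reports whether the manifest allows the app-only policy and flags broad permission requests. The element and attribute names come from the SharePoint 2013 app manifest schema rather than from this page, the sample manifest is constructed, and the choice to flag Manage and FullControl is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Namespace of SharePoint 2013 AppManifest.xml files.
NS = {"m": "http://schemas.microsoft.com/sharepoint/2012/app/manifest"}
RIGHTS = ["Read", "Write", "Manage", "FullControl"]  # weakest to strongest

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """
<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="ExampleApp" Version="1.0.0.0">
  <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
  </AppPermissionRequests>
</App>
"""


def review_manifest(xml_text):
    """Return (policy, findings) for the permission block of an app manifest."""
    root = ET.fromstring(xml_text.strip())
    block = root.find("m:AppPermissionRequests", NS)
    if block is None:
        return "no SharePoint permissions requested", []
    # Without this attribute, app requests carry the combined app+user permissions.
    app_only = block.get("AllowAppOnlyPolicy", "false").strip().lower() == "true"
    policy = "app-only allowed" if app_only else "app+user"
    findings = []
    if app_only:
        findings.append("app may act with only its own permissions, without a user")
    for req in block.findall("m:AppPermissionRequest", NS):
        scope, right = req.get("Scope", ""), req.get("Right", "")
        if right not in RIGHTS:
            findings.append(f"unrecognised right {right!r} on {scope}")
        elif RIGHTS.index(right) >= RIGHTS.index("Manage"):
            findings.append(f"{right} requested on {scope}")
        elif scope.endswith("/content/tenant"):
            findings.append(f"tenant-wide {right} requested")
    return policy, findings


if __name__ == "__main__":
    policy, findings = review_manifest(SAMPLE_MANIFEST)
    print(policy)
    for item in findings:
        print(" -", item)
```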