1. Microsoft ® Official Course Creating Robust and Efficient Apps for SharePoint Microsoft SharePoint 2013 SharePoint Practice

2. Module Overview Apps for SharePoint Communicating with SharePoint from an App Authenticating and Authorizing Apps for SharePoint Designing Apps for Performance

3. Lesson 1: Apps for SharePoint Discussion: Why Create Apps? Fundamentals of Apps for SharePoint The App Package Demonstration: Exploring an App Package Distributing Apps for SharePoint Installation Scopes and App Domains Infrastructure for Apps

4. Discussion: Why Create Apps? What are apps for SharePoint? Why create an app?

5. Fundamentals of Apps for SharePoint Hosting models SharePoint-hosted apps Auto-hosted apps Provider-hosted apps App webs and host webs App is installed on the host web App resources are contained within a dedicated app web Accessing app functionality Full-page apps App parts Custom actions

6. The App Package Packaged as.app files App manifest defines: Start page URL App properties Permissions required by the app Prerequisites App principal identifier Package can also contain: Declarative components for the app web Features for the host web (app parts and custom actions) Application components for deployment to Azure

7. Demonstration: Exploring an App Package In this demonstration, you will see how pages and other assets are assembled into an app package.

8. Demonstration: Exploring an App Package

10. Distributing Apps for SharePoint App Catalog Internal catalog of apps within an organization One per web application (on-premises deployments) One per tenancy (Office 365 subscriptions) Office Store Global, publicly-accessible storefront Collects payment and supports licensing Apps published subject to approval process

11. Installation Scopes and App Domains Each installation of an app has: A unique security identifier A unique domain Installation scopes Site Tenancy App Domains App prefix Unique app ID Top-level app web hosting domain

12. Infrastructure for Apps App Management Service Subscription Settings Service

13. Lesson 2: Communicating with SharePoint from an App Using the REST API Performing CRUD Operations with REST Using the JavaScript Object Model Developing Robust JavaScript Code Discussion: REST API versus JavaScript Object Model Resolving Errors with the JavaScript Object Model Using the Managed Client Object Model

14. Using the REST API The REST API is provided by the client.svc service Exposed on every SharePoint site Accessible at the site-relative path _api Constructing REST API URLs http://intranet.contoso.com/_api/site http://intranet.contoso.com/_api/web/currentuser …/_api/web/lists/getbytitle("Invoices") Including OData query operators /_api/web/lists/getbytitle("Invoices")/items?$select=Title,Amount /_api/web/lists/getbytitle("Invoices")/items?$skip=10&$top=10

15. Performing CRUD Operations with REST Reading data Use _spPageContextInfo.webServerRelativeUrl to get the server-relative root URL of the SharePoint site Use $.getJSON() for simple requests Use $.ajax() for more complex requests Creating, updating, and deleting data Use $.ajax() Specify an appropriate HTTP verb Include the form digest in the X-RequestDigest header

16. Using the JavaScript Object Model Provides a client-side proxy for client.svc Interact with the server from SharePoint web pages Asynchronous programming model getSiteCollection = function () { context = new SP.ClientContext.get_current(); siteCollection = context.get_site(); context.load(siteCollection); context.executeQueryAsync (onSuccess, onFailure); } onSuccess = function () { alert(“URL: “ + siteCollection.get_url()); } onFailure = function () { alert(“Could not obtain the site collection URL”); }

17. Developing Robust JavaScript Code Strict JavaScript ‘use strict’; Script scope Function scope Encapsulation Use custom namespaces Use an encapsulation pattern Example: module pattern

18. Discussion: REST API versus JavaScript Object Model If you write JavaScript code for an app, you can use either the REST API or the JavaScript object model to communicate with SharePoint. In what circumstances would you use each approach?

19. Resolving Errors with the JavaScript Object Model A server-side error can cause a whole batch of operations to fail To avoid this, use an ExceptionHandlingScope Send try/catch/finally instructions to the server var scopeObject = new SP.ExceptionHandlingScope(context); // Start a try-catch-finally block var scopeBlock = scopeObject.startScope(); var tryBlock = scopeObject.startTry(); // This is the try block. tryBlock.dispose(); var catchBlock = scopeObject.startCatch(); // This is the catch block. catchBlock.dispose();

20. Using the Managed Client Object Model Client-side proxy for.NET applications ASP.NET MVC web applications Mobile apps Supports synchronous and asynchronous operations Similar functionality and patterns to JavaScript object model Client context object Load and LoadQuery ExecuteQuery and ExecuteQueryAsync ExceptionHandlingScope

21. Lesson 3: Authenticating and Authorizing Apps for SharePoint The App Security Model App Authentication Registering an App Principal Requesting Permissions Discussion: Requesting Permissions Working with Tokens Communicating Across Domain Boundaries

22. The App Security Model An app is a security principal Can be granted permissions Must be authenticated App principals Client ID Title Client secret Remote host domain App permissions Request permissions in app manifest All permissions must be granted when app is installed Users can only assign permissions they themselves hold

23. App Authentication Internal authentication Request targets an app web Request includes a SAML token for user SharePoint-hosted apps External authentication with Oauth Windows Azure ACS issues access token Access token contains app ID and user ID Auto-hosted apps External authentication with S2S Trust relationship configured by X.509 certificate exchange Remote web host server issues access token Provider-hosted apps

24. Registering an App Principal Registering app principals Automatic for SharePoint-hosted and auto-hosted apps Manual process for provider-hosted apps App manifest requirements Remote web.config requirements

25. Requesting Permissions <AppPermissionRequest Right=“Manage" Scope="http://sharepoint/content/sitecollection/web" /> <AppPermissionRequest Right="Read" Scope="http://sharepoint/content/tenant" /> <AppPermissionRequest Right="QueryAsUserIgnoreAppPrincipal" Scope="http://sharepoint/search" /> <AppPermissionRequest Right=“Read" Scope="http://sharepoint/content/sitecollection/web/lists" >

26. Discussion: Requesting Permissions Review the scenario in the handbook How would you configure permission requests for this app?

27. Working with Tokens Working with tokens Context tokens (OAuth only) Refresh tokens (OAuth only) Access tokens (OAuth and S2S) The TokenHelper class var contextToken = TokenHelper.GetContextTokenFromRequest(Page.Request); var hostURL = Page.Request["SPHostUrl"]; using (var context = TokenHelper.GetClientContextWithContextToken(hostURL, contextToken, Request.Url.Authority)) { context.Load(context.Web); context.ExecuteQuery; }

28. Communicating Across Domain Boundaries Cross-domain library SP.RequestExecutor.executeAsync method Access resources in app web from remote web page Web proxy SP.WebRequestInfo object SP.WebProxy.invoke method Access resources in external domain from web page Register external domain in app manifest

29. Lesson 4: Designing Apps for Performance Using SharePoint Health Scores Using Client-Side Caching Optimizing Server Requests

30. Using SharePoint Health Scores Every web application has a health score Integer value from 0 (good) to 10 (bad) Updated every five seconds SharePoint includes health score in every response X-SharePointHealthScore HTTP header $.ajax({ type: "GET", url: _spPageContextInfo.webServerRelativeUrl + "/_layouts/15/blank.htm", success: function (data, status, xhr) { alert(xhr.getResponseHeader("X-SharePointHealthScore")); } });

31. Using Client-Side Caching Responsive web pages: Minimize data exchange with server Maximize use of caching Caching in apps for SharePoint Browser caches responses to GET requests Caching automatic for REST API and JSOM Content Delivery Networks (CDNs) Provide popular content (such as script libraries) Host static content Maximize use of caching

32. Optimizing Server Requests Minimize bandwidth consumption Specify properties you want to retrieve Include filter expressions Filtering is performed on server Minimize server round trips Use batching

33. Lab: Monitoring SharePoint Health Scores Exercise 1: Creating and Deploying an App Part Exercise 2: Working with Server Health Scores

34. Lab Scenario The IT team at Contoso has released new performance and design guidelines for SharePoint app developers. One of the guidelines is that all apps should request a health score from the SharePoint server before attempting to perform any processing. As the lead SharePoint developer, your task is to create a reference app that demonstrates how to work with health scores. Within your app, you will use an app part to poll the server periodically and display a graphical representation of the current health score.

35. Module Review and Takeaways