SharePoint 2013 Server Configuration For App Model - Provider Hosted App With High Trust

I know there are many articles on this topic but this one captures the procedure with screenshots and is proven by the following procedure for setting up a SharePoint 2013 server for a provider-hosted application app model configuration with high trust s2s.

It has been configured on over 50 SharePoint development servers.

The following procedure has been documented in SharePoint App Model Procedure.

SP 2013 Server App Model Configuration – One Time

Create an isolated app domain on your development computer.

Ensure that the spadmin and sptimer services are running by opening a command prompt and typing the following commands.

  1. net start spadminv4 net start sptimerv4  

Create your isolated app domain by running the SharePoint Management Shell as an administrator and typing the following command.

  1. Set-SPAppDomain "wbmsspdev19" 

Ensure that the SPSubscriptionSettingsService and AppManagementServiceInstance services are running by typing the following command in the SharePoint Management Shell.

  1. Get-SPServiceInstance | where{$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"} | Start-SPServiceInstance 

Verify that the SPSubscriptionSettingsService and AppManagementServiceInstance services are running by typing the following command in the SharePoint Management Shell. The output will indicate whether each service is online.

  1. Get-SPServiceInstance | where{$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"

Specify an account, application pool and database settings for the SPSubscriptionService and AppManagementServiceInstance services by typing the following code in the SharePoint Management Shell. If you created a SPManagedAccount in the preceding step, use that account name here.

  1. $account = Get-SPManagedAccount "wb\spm13dev" (spm13dev is a service account) $appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account $appPoolAppSvc = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account $appSubSvc = New-SPSubscriptionSettingsServiceApplication –ApplicationPool $appPoolSubSvc –Name SettingsServiceApp –DatabaseName SettingsServiceDB $proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy –ServiceApplication $appSubSvc $appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolAppSvc -Name AppServiceApp -DatabaseName AppServiceDB $proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc

Specify your tenant name by typing the following code in the SharePoint Management Shell.

  1. Set-SPAppSiteSubscriptionName -Name "app" -Confirm:$false 

Then create a web application and site collection with Developer site template

For example: http://wbmsspdev19:1001/

To create a self-signed test .pfx certificate file:

  1. When you are debugging a high-trust app for SharePoint in Visual Studio, the remote web application is hosted in IIS Express on the machine where Visual Studio is installed. So the remote web application computer doesn't have an IIS Manager where you can create the certificate. For this reason, you use the IIS on the SharePoint test server to create the certificate. In IIS manager, select the ServerName node in the tree view on the left.

  2. Select the Server Certificates icon, as shown in Figure 1.

    Server Certificates option in IIS
    Figure 1. Server Certificates option in IIS

  3. Select the Create Self-Signed Certificate link from the set of links on the right side, as shown in Figure 2.

    Create Self Signed Certificate link
    Figure 2. Create Self-Signed Certificate link

  4. Name the certificate WBMSSPDEV19HighTrustCert, select Web Hosting and then choose OK.

  5. Right-click the certificate and then select Export, as shown in Figure 3.

    Exporting a test certificate
    Figure 3. Exporting a test certificate

  6. In Windows, or at a command line, create a folder called C:\Certs.

  7. Back in IIS Manager, export the file to C:\Certs and provide it a password. In this example, the password is password.

To create a corresponding .cer file

  1. In IIS manager, select the ServerName node in the tree view on the left.

  2. Double-click Server Certificates.

  3. In the Server Certificates view, double-click WBMSSPDEV19HighTrustCert to display the certificate details.

  4. On the Details tab, choose Copy to File to launch the Certificate Export Wizard and then choose Next.

  5. Use the default value No, do not export the private key and then choose Next.

  6. Use the default values. Choose Next.

  7. Choose Browse, browse to C:\Certs, name the certificate WBMSSPDEV19HighTrustCert and then choose Save. The certificate is saved as a .cer file.

  8. Choose Next.

  9. Choose Finish.

Configuration

Configure SharePoint 2013 to use certificates and configure trust for your app as in the following:

  1. $publicCertPath = "C:\Certs\WBMSSPDEV19HighTrustCert.cer" $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath) New-SPTrustedRootAuthority -Name "WBMSSPDEV19HighTrustCert" -Certificate $certificate $realm = Get-SPAuthenticationRealm $specificIssuerId = "11111111-1111-1111-1111-111111111119" $fullIssuerIdentifier = $specificIssuerId + '@' + $realm New-SPTrustedSecurityTokenIssuer -Name "WBMSSPDEV19 High Trust Cert" -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier –IsTrustBroker iisreset $serviceConfig = Get-SPSecurityTokenServiceConfig $serviceConfig.AllowOAuthOverHttp = $true $serviceConfig.Update() 

Create Provider app

Use the following procedure for every new provider to create the New Provider app.

  1. Open Visual Studio and create a provider-hosted app.

    hosted app

  2. On the certificate screen, select the certificate from the C:\Cerfts folder and specify the issuer id 11111111-1111-1111-1111-111111111119.

    select the certificate

  3. Generate an app id using the URL appregnew.aspx. For example http://wbmsspdev19:1001/_layouts/15/Appregnew.aspx.

  4. Paste the app id as the client id into both the app and web projects.

    AppManifest.xml and web.config file.

    AppManifest

    code

  5. Create a web site on IIS and update this website info on appmanifest.xml and project URL under web properties.

    properties

    For example: <StartPage>http://wbmsspdev19:10001/SharePointApp1Web/Pages/Default.aspx?{StandardTokens}</StartPage>

    StartPage

    web

  6. Register every new provider app model app with the following script.

    1. clientID: generated in Step 3 above.

    2. targetSiteUrl: Provider app site URL.
      1. $appDisplayName = "SharePointApp1" $clientID = "53006f1e-5d06-4679-a449-f4cfff9c1f5f" $targetSiteUrl = "http://wbmsspdev19:1001/" $targetSite = Get-SPSite $targetSiteUrl $realm = Get-SPAuthenticationRealm -ServiceContext $targetSite $fullAppPrincipalIdentifier = $clientID + '@' + $realm $registeredAppPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppPrincipalIdentifier -Site $targetSite.RootWeb -DisplayName $AppDisplayName $registeredAppPrincipal | select * | Format-List $registeredAppPrincipal | select * | Format-List | Out-File -FilePath "Output.txt" 

References

Up Next
    Ebook Download
    View all
    Learn
    View all