Deploying MVC5 Based Provider Hosted Apps For On-Premise SharePoint 2013

10/30/2017 Deploying MVC5 based provider hosted apps for On-premise SharePoint 2013 | SPBreed's Blog
Deploying MVC5 based provider

hosted apps for On-premise
SharePoint 2013
NOVEMBER 25, 2013FEBRUARY 13, 2014 / KARTHIK
i
3 Votes
Why provider hosted apps:
IMHO – Microsoft is in the vision of making SharePoint as a port of

entry to other web based appliances such as ASP.Net sites. And
SharePoint Apps hold the key for authentication between
SharePoint and apps either through OAuth tokens or S2S trusts.
SharePoint hosted apps works great for browser driven utilities

which works via Javascripts and CSOM. In the case of building
three tier applications with Database entities, provider hosted apps
is a be er option and running these apps in different environment
brings other distinct advantages such as App code isolation, easier
upgrades independent of SharePoint versions etc.
How this model works:
https://spbreed.wordpress.com/2013/11/25/deploying-mvc5-based-provider-hosted-apps-for-on-premise-sharepoint-2013/ 1/22
Provider hosted Sharepoint apps supports authentication via S2S

(Server to Server) trust. S2S is established between web server
which hosts the remote web app and web server which hosts the
SharePoint via X.509 server certificate. Remote webapp
authenticates the user independent of SharePoint authentication
and creates an access token with user identity and app token. This
access token is then signed by the server certificate and validated in
host SharePoint environment when executing CSOM or REST calls.
SharePoint host trusts all the calls received by trusted security token
providers.
For more details refer this excellent book

(h p://www.amazon.com/Microsoft-SharePoint-2013-App-
Development/dp/0735674981/) by Scot Hillier
(h p://www.shillier.com/default.aspx) and Ted Pa ison
(h ps://twi er.com/TedPa ison).
(h p://www.amazon.com/Microsoft-SharePoint-2013-App-
Development/dp/0735674981/)
Why MVC:
At the heart of MVC is Separated Presentation layer. The idea

behind Separated Presentation is to make a clear division between
domain objects that model our perception of the real world, and
presentation objects that are the GUI elements we see on the screen.
Domain objects should be completely self contained and work
without reference to the presentation, they should also be able to
support multiple presentations, possibly simultaneously. More
detailed explanation here
(h p://martinfowler.com/eaaDev/uiArchs.html)
Most of modern day ASP.Net apps ar developed using MVC

pa erns to support rapid UI changes and be er unit testing
scenarios. Here is a simple tutorial
(h p://www.codeproject.com/Articles/575397/An-Absolute-
Beginners-Tutorial-on-ASP-NET-MVC-for) to understand MVC
basics.
Implementation:
This article does not cover how to set up App management Service
infrastructure on your SharePoint App stores. Follow this
informative article
(h p://sharepointchick.com/archive/2012/07/29/se ing-up-your-
app-domain-for-sharepoint-2013.aspx) by Mirjam
(h ps://twi er.com/MirjamvanOlst) to set up App domain.
Deployment of provider hosted apps involves the listed steps.
1)Preparing remote App server
2)Preparing SharePoint server
3)Se ing STS trust
4)Create VS 2013 MVC app
5)Deployment
1)Preparing remote App server
1.1 Create new host entry:
Add a new Host (A) entry on DNS with the IP of Server hosting
remote web app. (sp2013apps.gsi.local)
Ping SP2013apps.gsi.local should resolve to the IP. Else do ipconfig

/flushdns to reset the DNS cache
(h ps://spbreed.files.wordpress.com/2013/11/dns.png)
1.2: Install Management service delegate:
Remote web app deployment is done through WebDeploy. To

support web deploy IIS should have “Management Service
Delegate” features. Follow this blog from Sco Gu
(h p://weblogs.asp.net/sco gu/archive/2010/09/13/automating-
deployment-with-microsoft-web-deploy.aspx) to read more on this.
In the essence download webdeploy 3.5 from this link
(h p://go.microsoft.com/fwlink/?LinkID=309497) and select all the
features while installing.
(h ps://spbreed.files.wordpress.com/2013/11/webdeploy-3-5.png)
(h ps://spbreed.files.wordpress.com/2013/11/service-delegate.png)
You should see this icon. Now double-click the Management

Service Delegation -> Edit Feature Se ings -> Allow administrators
to bypass rules option within this dialog box. This will allow those
with Administrator accounts on the server to bypass the delegation
capabilities of the Web Management Service and perform actions
using their administrator capabilities:
(h ps://spbreed.files.wordpress.com/2013/11/bypass-rules.png)
Now click Management Service, stop the service and check “Enable
Remote Connections” checkbox to enable remote deployments. You
can optionally choose which IP address and port the management
service runs on – as well as what client IP addresses are allowed to
connect with it. You can tweak these se ings to lock down who can
access the deployment service.
(h ps://spbreed.files.wordpress.com/2013/11/remote-
connections.png)
1.3: Apply SSL to default website:
Since this is a Dev environment , SelfSSL 1.0 is used to generate the

SSL certificates.
Thanks to Thomas Balkestahl (h ps://twi er.com/blksthl) for

writing this blogpost (h p://blog.blksthl.com/2012/12/20/a-guide-to-
h ps-and-secure-sockets-layer-in-sharepoint-2013/) using SelfSSL.
Download and install IIS 6.0 Resource Kit

(h p://www.microsoft.com/en-us/download/details.aspx?id=17275)
Now add a new 443 port binding to Default Website
(h ps://spbreed.files.wordpress.com/2013/11/443-iis.png)
Open the SelfSSL utility installed in the last step
(h ps://spbreed.files.wordpress.com/2013/11/selfssl.png)
And run the following script to apply SelfSSL to the Default

website.
selfssl.exe /N:CN=SP2013apps.gsi.local /K:1024 /V:36
Where /S:1 key represents App Site ID of default website (Site ->
Advance Se ings -> General ->ID)
/V switch for Validity
(h ps://spbreed.files.wordpress.com/2013/11/ssl_default.png)
Once the certificate is installed on your IIS, add new SSL binding
on 443 port with the host name registered before
(h ps://spbreed.files.wordpress.com/2013/11/iis_ssl_apps.png)
Now navigating to h ps://sp2013apps.gsi.local

(h ps://sp2013apps.gsi.local) should bring IIS 8 logo page as shown
below.
(h ps://spbreed.files.wordpress.com/2013/11/iis8_logo.png)
2)Preparing SharePoint server
Now repeat the steps 1.1 & 1.3 to SSL SharePoint WebApp.
selfssl.exe /N:CN=SP2013.gsi.local /K:1024 /V:365 /S
(h ps://spbreed.files.wordpress.com/2013/11/ssl_sp2013.png)
where SP2013.gsi.local is the host name for SharePoint web app and
/S:682683733 is the ID of SharePoint Webapp
Now add a new 443 HTTPS binding with sp2013.gsi.local as the

host name.
2.2: Add new AAM:
Now navigate Central Admin -> Alternate Access Mapping ->

Change AAM collection to SharePoint web app -> Click Edit public
URL and add h ps://sp2013.gsi.local (h ps://sp2013.gsi.local) ->
Save
(h ps://spbreed.files.wordpress.com/2013/11/aam_publicurl.png)
Click Add Internal URL -> h p://sp2013.gsi.local

(h p://sp2013.gsi.local) -> save
(h ps://spbreed.files.wordpress.com/2013/11/aam_internal.png)
Now perform IISRESET and wait few seconds until AAM timer job
updates the SharePoint routing tables.
Now navigating to h ps://sp2013.gsi.local should bring your home

page.
3)Se ing STS trust
Server to Server trust is one of the crucial pieces of provider hosted

apps. SSL certificate from remote web server added as “trusted
service consumer” in SharePoint environment.
Export the certificate from the remote web server and copy to
Sharepoint environment
Open IIS -> Server Certificates
(h ps://spbreed.files.wordpress.com/2013/11/server_certs1.png)
Double click the SSL generated in last step -> details -> Copy to file -
> Donot export -> DER encoded
-> C:\Certs\selfsignedApps.cer
Now Copy the certificate to SharePoint server (C:\Certs) and run

the following powershell script to establish trust
1 $publicCertPath = "C:\certs\selfsignedApps.cer"
2 $issuerId = [System.Guid]::NewGuid().ToString()
3 $spurl ="https://sp2013.gsi.local (https://sp2013
4 $spweb = Get-SPWeb $spurl
5 $realm = Get-SPAuthenticationRealm -ServiceContex
6 $certificate = Get-PfxCertificate $publicCertPath
7 New-SPTrustedRootAuthority -Name "<strong>Hightru
8 $fullIssuerIdentifier = $issuerId + '@' + $realm
9 New-SPTrustedSecurityTokenIssuer -Name $issuerId
Now check for the certificate at Central Administration -> Security -

> Manage Trust
New certificate “Hightrust MVC Cert” is added to the trusted stores

as expected.
(h ps://spbreed.files.wordpress.com/2013/11/trust.png)
To avoid SSL errors and proper authentication between the apps,

add both SharePoint SSL and Remote web server SSL to trusted root
stores.
Double click .cert file -> Install Certificate -> Local Machine ->
Browse -> Trusted Root Certification Authorities -> OK
This will import the certificates.
(h ps://spbreed.files.wordpress.com/2013/11/import_success.png)
Now we have all the frameworks and infrastructure required for

provided hosted apps
4)Create VS 2013 MVC app
Now generate the server certificate of remote web server in PFX

format.
Open IIS -> Certificates
Right click the SP2013apps.gsi.local -> export -> save with .pfx
extension and password
Note down issuer ID by running following powershell script
1 $issuerId = [System.Guid]::NewGuid().ToString()
2 $issuerId
Install Visual Studio 2013.
Click New Project -> App for SharePoint 2013
(h ps://spbreed.files.wordpress.com/2013/11/vs_1.png)
Select ASP.NET MVC web app
(h ps://spbreed.files.wordpress.com/2013/11/vs_providerhostoption1.png)
Now select the PFX certificate generated in the last step. Provide
password and Issuer ID
(h ps://spbreed.files.wordpress.com/2013/11/vs_cert1.png)
This will create a new MVC project.
(h ps://spbreed.files.wordpress.com/2013/11/mvc_solution-
structure.png)
Now Visual studio created two projects with in the same solution.
MVCApp1 is the SharePoint App and MVCApp1Web is the remote
webapp. Only artifact of the MVCApp1 is the appmanifest.xml.
This is similar to what feature.xml to WSP. We provide the version,
permission and startpage details of the app.
(h ps://spbreed.files.wordpress.com/2013/11/mvc_appmanifest.png)
Make sure Windows authentication is enabled for web project
(h ps://spbreed.files.wordpress.com/2013/11/mvc_windowsauth.png)
Now you can directly debug the app by pressing f5. Now login to
app using your windows credentials and trust the app. This will
lead to sample app hosted from VS2013 if all the se ings are right.
(h ps://spbreed.files.wordpress.com/2013/11/mvc_sample.png)
Database driven MVC app:
Creating an MVC App involves
Creating a database model entity using Entity Framework Data

Model
This is the schema of customer table used in MVC app.
(h ps://spbreed.files.wordpress.com/2013/11/db_schema.png)
To create an entity model for this database
Right click model -> Add new item -> ADO.Net Entity datamodel ->
Generate from Database and connect to required Database objects
(h ps://spbreed.files.wordpress.com/2013/11/mvc_db.png)
(h ps://spbreed.files.wordpress.com/2013/11/mvc_selec abe.png)
Now this will generate Model entities and classes to support CRUD
operations with the database
(h ps://spbreed.files.wordpress.com/2013/11/mvc_model.png)
Adding a controller and View for Model via scaffolding
Scaffolding is a code generation framework for ASP.NET Web

applications. Visual Studio 2013 includes pre-installed code
generators for MVC and Web API projects. You add scaffolding to
your project when you want to quickly add code that interacts with
data models. Using scaffolding can reduce the amount of time to
develop standard data operations in your project.
Now right click controller -> Add -> New Scaffolding Item -> Select
MVC5 Controller with views using entity frame work
(h ps://spbreed.files.wordpress.com/2013/11/mvc_scafold.png)
This will generate all controller and View files. View files are in
.cshtml format. This can be edited to suit our design. (More on this
in next blog post)
(h ps://spbreed.files.wordpress.com/2013/11/mvc_views.png)
Changing the MVC routing
With MVC there is no direct URL access. Its all view containers is
what we need. And the URL re-direction logics are stored in the
RootConfig.cs located under App_Start folder
Default controller is changed to Customer. to route all the default

request to MVCApp1\Customer page
(h ps://spbreed.files.wordpress.com/2013/11/mvc_rootconfig.png)
5)Deployment
Deployment involves App deployment and Website deployment
App Deployment:
Before publishing the app, a new client ID for the App should be
generated form the app site. SharePoint uses this client ID to
validate the App file while installing. Navigate to appregnew.aspx
Navigate to h ps://sp2013.gsi.local/sites/apps/ and

(h ps://sp2013.gsi.local/sites/apps/ and) generate AppId
(h ps://spbreed.files.wordpress.com/2013/11/mvc_appreg-
new2.png).
Right click the solution and click publish and select Package the
app. And enter the client ID and the remote site URL.
(h ps://spbreed.files.wordpress.com/2013/11/mvc_pub_se ings.png)
(h ps://spbreed.files.wordpress.com/2013/11/mvc_spapp1.png)
This will generate an MVCApp1.app file. This is analogous to .wsp

file.
On opening the .app file with good old WINRAR all the resources
can be extracted out. And verify appmanifest.xml .
(h ps://spbreed.files.wordpress.com/2013/11/mvc_manifestpic.png)
(h ps://spbreed.files.wordpress.com/2013/11/appmanifest.png)
Now Install the app in App site.
WebSite Deployment:
Now go back to Publish page and click “Deploy your Web Project”.
Select a new profile and enter the details of remote web server and
client ID se ings.
This will deploy the webapp to remote server IIS.
(h ps://spbreed.files.wordpress.com/2013/11/mvc_publish1.png)
(h ps://spbreed.files.wordpress.com/2013/11/mvc_spapp1.png)
Now add the installed app from any site and trust it. On clicking
the app page will be redirected to index
page h ps://sp2013apps.gsi.local/MVCApp1/customer/
(h ps://spbreed.files.wordpress.com/2013/11/mvc_index.png)
Now we have a complete set of pages that perform simple CRUD

operations for Customer entity.
Advertisements
Code Behind, Ideas, SharePoint Apps

#APPMODEL , #HIGHTRUST , #MVC5 ,
#PROVIDERHOSTED
4 thoughts on “Deploying MVC5 based

provider hosted apps for On-premise
SharePoint 2013”
1. fabiangwilliams
NOVEMBER 25, 2013 AT 9:17 PM
Really good tutorial, love your style of writing lol, it matches my
own, visual learner so i need plenty of pics. Cheers
REPLY
spbreed
NOVEMBER 25, 2013 AT 10:40 PM
Thanks Fabian. Didn find much on se ing up s2s
infrastructure. Hence detailed it.
REPLY
2. Pingback: Nova Tech Consulting Blog | Deploying MVC5 based
provider hosted apps for On-premise SharePoint 2013
3. SV
MARCH 25, 2014 AT 6:19 PM
Can we associate a workflow to this provider hosted app? What
sort of events can it be bound to while associating a workflow?
REPLY
CREATE A FREE WEBSITE OR BLOG AT WORDPRESS.COM.

Deploying MVC5 Based Provider Hosted Apps For On-Premise SharePoint 2013

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Deploying MVC5 Based Provider Hosted Apps For On-Premise SharePoint 2013

Uploaded by

Copyright:

Available Formats

10/30/2017 Deploying MVC5 based provider hosted apps for On-premise SharePoint 2013 | SPBreed's Blog

Deploying MVC5 based provider

NOVEMBER 25, 2013FEBRUARY 13, 2014 / KARTHIK

Why provider hosted apps:

IMHO – Microsoft is in the vision of making SharePoint as a port of

SharePoint hosted apps works great for browser driven utilities

How this model works:

Provider hosted Sharepoint apps supports authentication via S2S

For more details refer this excellent book

At the heart of MVC is Separated Presentation layer. The idea

Most of modern day ASP.Net apps ar developed using MVC

Deployment of provider hosted apps involves the listed steps.

1)Preparing remote App server

2)Preparing SharePoint server

3)Se ing STS trust

4)Create VS 2013 MVC app

1)Preparing remote App server

1.1 Create new host entry:

Ping SP2013apps.gsi.local should resolve to the IP. Else do ipconﬁg

1.2: Install Management service delegate:

Remote web app deployment is done through WebDeploy. To

You should see this icon. Now double-click the Management

1.3: Apply SSL to default website:

Since this is a Dev environment , SelfSSL 1.0 is used to generate the

Thanks to Thomas Balkestahl (h ps://twi er.com/blksthl) for

Download and install IIS 6.0 Resource Kit

Now add a new 443 port binding to Default Website

Open the SelfSSL utility installed in the last step

And run the following script to apply SelfSSL to the Default

selfssl.exe /N:CN=SP2013apps.gsi.local /K:1024 /V:36

/V switch for Validity

Now navigating to h ps://sp2013apps.gsi.local

2)Preparing SharePoint server

selfssl.exe /N:CN=SP2013.gsi.local /K:1024 /V:365 /S

Now add a new 443 HTTPS binding with sp2013.gsi.local as the

2.2: Add new AAM:

Now navigate Central Admin -> Alternate Access Mapping ->

Click Add Internal URL -> h p://sp2013.gsi.local

Now navigating to h ps://sp2013.gsi.local should bring your home

3)Se ing STS trust

Server to Server trust is one of the crucial pieces of provider hosted

Open IIS -> Server Certiﬁcates

Now Copy the certiﬁcate to SharePoint server (C:\Certs) and run

Now check for the certiﬁcate at Central Administration -> Security -

New certiﬁcate “Hightrust MVC Cert” is added to the trusted stores

To avoid SSL errors and proper authentication between the apps,

This will import the certiﬁcates.

Now we have all the frameworks and infrastructure required for

4)Create VS 2013 MVC app

Now generate the server certiﬁcate of remote web server in PFX

Open IIS -> Certiﬁcates

Note down issuer ID by running following powershell script

Install Visual Studio 2013.

Click New Project -> App for SharePoint 2013

Select ASP.NET MVC web app

This will create a new MVC project.

Make sure Windows authentication is enabled for web project

Database driven MVC app:

Creating an MVC App involves

Creating a database model entity using Entity Framework Data

This is the schema of customer table used in MVC app.

To create an entity model for this database

Adding a controller and View for Model via scaﬀolding