Real-time application monitoring, event management, and operational health metrics for Microsoft SharePoint Reduce troubleshooting time by up to 30% Increase efficiency and improve user satisfaction Avoid downtime and costly outages Meet or exceed service level agreements Maximize investment in current infrastructure CKS:DEV The SharePoint Cowboy Patterns & Practices Eric Shupps www.sharepointcowboy.com eshupps@binarywave.com facebook.com/sharepointcowboy @eshupps Introduction Extensibility Navigation Design Content Publication Authorization Office 365 Platform Flexible Tools Objectives Audience Experience Challenges User Menu Suite Bar JavaScript Site Settings JavaScript Solution JavaScript Solution Quick Access JavaScript Solution <CustomAction Id=[GUID]. RibbonCustomAction" RegistrationType="ContentType" RegistrationId="0x" Location="CommandUI.Ribbon" Sequence="10001" Title=My Custom Action"> <CommandUIExtension> <CommandUIDefinitions> <CommandUIDefinition Location="Ribbon.Library.Actions.Controls._children"> <Button Id="Ribbon.Library.Actions.MyAction" Alt=My Custom Action" Sequence="100" Command="Invoke_CustomAction" LabelText=Awesome Action" TemplateAlias="o1" Image32by32=[ImageUrl]" Image16by16=[ImageUrl]" /> </CommandUIDefinition> Ribbon Quick Launch Edit Control Block JavaScript App Solution JavaScript App Solution JavaScript Solution Static sort order Custom properties enable extensibility Scoped to current site collection Hierarchical list of navigation nodes Cannot navigate across site collection boundaries Advanced functionality requires custom code Basic functionality restored with master page edit + JavaScript Vertical breadcrumb hidden in 2013/SPO App Part CSOM: LINQ to Objects != LINQ to SharePoint CSOM: No Cross-List Query Content Query Web Part (XSLT) Social APIs Search APIs Content Search Web Part Result Relevancy Managed Properties Display Templates In-Place Catalogs Search Components and APIs Write Once, Read Many CSOM REST Collection of branding assets (files) HTML (.master), CSS, Image (.preview), related artifacts Beware of inheritance issues and feature dependencies Sandbox Easy App Challenging Create design in UI Export to WSP Customize WSP Sandbox Easy App N/A Web Templates Unstructured Modules CSOM Sandbox Easy App Challenging Authentication independent Valet Key Access Permissions Open standard for app integration and authorization User App Provider User requests access App requests Request Token Provider returns Request Token App builds auth link w/ Request Token User requests URL + Request Token Provider returns access token User requests URL + Access Token App validates access token Access token validated User granted access 1 2 3 Provides integration without multiple logins Enables server to server operations on behalf of users Establishes trust relationships between diverse components Supports the App Model Manages identity information for principals (STS) Identity Provider Handles requests for trusted identity claims Security Token Service Identity provider associated with a web application Identity Token Issuer Trusted resource (farm, server, etc.) Security Token Issuer Resource information and signing certificate (JSON) Metadata Endpoint Used to request permission to protected resource Request Token Used by App to access resource on behalf of user Access Token Operation scope for authorization Realm Cloud-based security token service (IP-STS) Azure ACS App establishes context ACS provides access token App requests access token from ACS Browser POSTS request token to app SP sends request tokens to browser SP gets request token from ACS User browses to app Get client context from SP with access token Get access token Read and validate context token Parse out Context Token Get POST parameters from SP Remote Applications App Permissions OAuth HTML + Javascript REST Store & Catalog Custom Code Premise Full Trust Server OM (Full) Sandbox Server OM (Partial) Client OM Apps Client OM Cloud Sandbox Server OM (Partial) Client OM Apps Client OM App Hosting Auto Azure SharePoint App Web IFRAME App Part IFRAME Provider Remote Web CHROME .NET Javascript Synchronous Server SP Asynchronous Client Office / SP HTTP-based web service architecture that uses nouns and verbs to define operations Noun: Items Verbs: GET, POST, PUT, DELETE OData provides metadata, object typing and query semantics for underlying data structure (WCF data services) /items(0) Client Object Model service (client.svc) processes queries, interacts with server OM, returns formatted response (JSON, XML) /items/GetByTitle(foo) http://contoso/_api/items/GetById(1)?$select=Title,ID Location Service Resource Path Query Options Local Current Context Request Digest Remote OAuth Access Token Cross Domain Request Executor SP.WebProxy HTTP WebRequest Context Info Cross Domain Explore articles Connect OfficeSPDev.UserVoice.Com Solve your roadblocks on StackOverflow [Office] and [SharePoint] Build Office Dev Tools for Visual Studio 2013 and Office 365 API Tools for Visual Studio 2013