Installing SharePoint 2013 Apps programmatically: what’s possible, what not?

Last week I was looking for a way to install SharePoint Apps using the Server Side Object Model (SSOM) or the Client Side Object Model (CSOM). Microsoft does not really support this scenario, as it is not the preferred way to use Apps: normally end users should install Apps themselves on the sites they want. I nevertheless investigated the API to see if there is a way to support the sample scenario somehow, and in this post I will cover the possibilities of provisioning Apps using code.

Scenario: I want a Web Service which enables me to provision Apps from the App Catalog Site Collection on request to a Web on a specific Site Collection. The Web Service should be a Full Trust Code solution which grabs the App in the App Catalog and provisions it. The App Catalog should be used to make it easy to deploy new Apps from a central place and to support versioning in an easy way:
Deploying Apps

Now that we know what we want, we can look at the API that SharePoint offers and see what possibilities we have. Microsoft does not offer many APIs for provisioning Apps. Browsing the internet, you will probably find a method called LoadAndInstallApp on the SPWeb object. This method, however, only accepts a stream object containing the binary representation of the .app file. The .app file is actually a zip file containing the application. The disadvantage of this solution is that you have to upload the App to every single Web where you want to deploy it, so you lose the advantage of a central location like the App Catalog for distributing Apps and taking care of versioning. A sample of how to install Apps using SSOM can be found on MSDN Blogs.

Digging further into the SharePoint DLLs with ILSpy, you will notice that there is no publicly available API to install Apps directly from the App Catalog. Internally there are some methods available, as it is possible to add an App from a Corporate Catalog to a Web from the UI. A possible workaround is to retrieve the App file from the App Catalog (internally it is just a list) and then forward the stream object to the LoadAndInstallApp method. This works; however, SharePoint then doesn’t notice that the App is coming from the Corporate Catalog. When a new version of the App is installed in the App Catalog, SharePoint doesn’t know that the App installed on that specific Web has been updated, and it can’t notify the site owner that an update is available (SharePoint won’t push new versions automatically!). Another thing you’ll notice is that when you open the Site Contents page and open the context menu of the installed App, the About option is missing. This page is very important, as it normally allows an end user to see whether an update is available and to update the App. So this means that the end user can’t update the App properly from the UI.

Conclusion: The API is not mature enough to be used in a professional environment to support scenarios like this. We need to hope that Microsoft will come up with an API to support scenarios like this in the future. Currently it does not seem to be possible to programmatically install an App from the App Catalog into a Web.
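The workaround described above, written as an added example that is not code from the original post. Because SharePoint keeps no link back to the catalog, it also emits a record of the catalog version and a SHA-256 of the package it installed. The URLs, the package name and the AppCatalog library path are assumptions.

```powershell
# Added example, not from the original post. Run in the SharePoint 2013 Management Shell.
# All three parameter defaults are placeholders.
param(
    [string]$CatalogUrl   = "http://sharepoint.example/sites/appcatalog",
    [string]$TargetWebUrl = "http://sharepoint.example/sites/team",
    [string]$PackageName  = "SampleApp.app"
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$catalogWeb = Get-SPWeb $CatalogUrl -ErrorAction Stop
$targetWeb  = Get-SPWeb $TargetWebUrl -ErrorAction Stop
$stream     = $null
try {
    # Assumption: the "Apps for SharePoint" library lives at <catalog>/AppCatalog.
    $file = $catalogWeb.GetFile("AppCatalog/$PackageName")
    if (-not $file.Exists) { throw "Package '$PackageName' not found in $CatalogUrl" }

    # Read the package once so the hash covers exactly the bytes that get installed.
    $bytes = $file.OpenBinary()
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $hash  = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''

    # Forward the catalog file to the only public install API.
    $stream   = New-Object System.IO.MemoryStream(,$bytes)
    $instance = $targetWeb.LoadAndInstallApp($stream)

    # SharePoint will not track this install against the catalog, so keep your own record.
    [pscustomobject]@{
        InstalledAt    = (Get-Date).ToUniversalTime().ToString("o")
        TargetWeb      = $targetWeb.Url
        AppInstanceId  = $instance.Id
        AppTitle       = $instance.Title
        Status         = $instance.Status
        CatalogFile    = $file.ServerRelativeUrl
        CatalogVersion = $file.UIVersionLabel
        PackageSha256  = $hash
    }
}
finally {
    if ($stream) { $stream.Dispose() }
    $targetWeb.Dispose()
    $catalogWeb.Dispose()
}
```

Comparing the recorded CatalogVersion with the current version of the file in the catalog is one way to find Webs running an outdated package, which is the notification SharePoint itself no longer provides for Apps installed this way.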

I also want to mention the CSOM variant of the LoadAndInstallApp method. It is present in both the .NET Managed CSOM and the JavaScript library. However, when you call it you will get an error saying that it is only supported when sideloading is enabled. Sideloading should only be used in development environments. Therefore CSOM doesn’t provide a way to deploy Apps programmatically in SharePoint production environments. The reason is probably to reduce the risk of installing corrupt Apps, or Apps which can delete or damage existing data in the Web.

Setting up SharePoint 2013 devbox for provider hosted apps

While preparing another article I was trying to debug an empty provider hosted app solution on my pretty straightforward dev box. However, I was experiencing some problems with setting up my dev box to allow provider hosted apps to run on the same box using IIS Express. I started with a blank new SharePoint 2013 App solution in Visual Studio 2012 and tried to deploy it on my machine (using an IIS Express instance for running the actual contents of the app). The first deployment failed because the services needed to run apps were not running. Make sure that the appropriate services are running, as shown in the following screenshots:


The App Management Service Application should be started.


The App Management Service should also be started.

After starting the services and performing an IISReset I could successfully deploy the app to SharePoint. A window will open with the question to trust the app. After that I was getting the following exception:


A token error which was occurring…

After googling around a bit on this error I found an article which explains why it isn’t working. The app is trying to authenticate using the so-called Low-Trust model and expects Access Control Service (ACS) as a trust broker. I decided that I want to use High-Trust because I don’t want to rely on an internet connection in the dev box to connect to O365 ACS. The advantage is that you don’t need Office 365 for ACS; the disadvantage is the amount of configuration work you have to do. First you need to do some preparation work, which is described by Microsoft in the following article. You probably already have a farm installed, so you can start at step 6. To make it easier I included the full PowerShell script from the article here with some useful comments:

#Start SharePoint Services
net start spadminv4
net start sptimerv4

#Set App Domain, change name if you want to
Set-SPAppDomain "App-Domain"

#Verify services are started
Get-SPServiceInstance | where{$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"} | Start-SPServiceInstance
Get-SPServiceInstance | where{$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"}

#Create new managed account, remove this line if you already have one!
$account = New-SPManagedAccount

#Create services for app domain, please change domainname\username to correct user
$account = Get-SPManagedAccount "domain\user" 
$appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
$appPoolAppSvc = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account
$appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SettingsServiceApp -DatabaseName SettingsServiceDB
$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc
$appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolAppSvc -Name AppServiceApp -DatabaseName AppServiceDB
$proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc

#Change tenant name if you want to
Set-SPAppSiteSubscriptionName -Name "app" -Confirm:$false

After executing the script you’ll see new service applications popping up in Central Administration:


New service applications and proxies have been added by the script.

Then you can start with the preparations to create your High-Trust Provider Hosted app. Microsoft again described this in an article. Again I’m sharing the PowerShell which is posted along with the article:

#Path to exported certificate, change if needed
$publicCertPath = "C:\Certs\HighTrustSampleCert.cer"

#Read certificate and create trustrootauthority
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath)
New-SPTrustedRootAuthority -Name "HighTrustSampleCert" -Certificate $certificate

#Create Trusted Security Token Issuer 
$realm = Get-SPAuthenticationRealm
$specificIssuerId = "11111111-1111-1111-1111-111111111111"
$fullIssuerIdentifier = $specificIssuerId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name "High Trust Sample Cert" -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker

#Configure to use without HTTPS, don't use this on NON-DEV boxes!!!
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
#Persist the change, otherwise the setting is not saved
$serviceConfig.Update()
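In the High-Trust model SharePoint accepts tokens signed with the private key of a registered certificate, so it is worth checking what a farm currently trusts. The following audit is an added example, not code from the original post or the Microsoft article; the 30-day warning window and the 2048-bit key threshold are assumptions.

```powershell
# Added example, not from the original post or the Microsoft article.
# Run in the SharePoint 2013 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$warnDays     = 30                                      # assumed expiry warning window
$minKeyBits   = 2048                                    # assumed minimum RSA key size
$sampleIssuer = "11111111-1111-1111-1111-111111111111"  # issuer ID used in the script above
$findings     = @()

# 1. OAuth tokens accepted over plain HTTP (the dev-only switch set above)
$sts = Get-SPSecurityTokenServiceConfig
if ($sts.AllowOAuthOverHttp) {
    $findings += "STS: AllowOAuthOverHttp is enabled, tokens can travel unencrypted"
}

# 2. Every trusted security token issuer and its signing certificate
foreach ($issuer in Get-SPTrustedSecurityTokenIssuer) {
    $id   = "Issuer '$($issuer.Name)'"
    $cert = $issuer.SigningCertificate

    if ($issuer.RegisteredIssuerName -like "$sampleIssuer@*") {
        $findings += "$id still uses the sample issuer ID from the walkthrough"
    }
    if ($cert -eq $null) { continue }   # nothing further to inspect for this issuer

    if ($cert.NotAfter -lt (Get-Date)) {
        $findings += "$id certificate expired on $($cert.NotAfter.ToString('u'))"
    }
    elseif ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
        $findings += "$id certificate expires within $warnDays days"
    }
    if ($cert.Subject -eq $cert.Issuer) {
        $findings += "$id certificate is self-signed ($($cert.Subject))"
    }
    if ($cert.PublicKey.Key.KeySize -lt $minKeyBits) {
        $findings += "$id key size is below $minKeyBits bits"
    }
}

# 3. Report
if ($findings.Count -eq 0) { "No findings." } else { $findings }
```

On the dev box built in this post the script is expected to report the HTTP setting and the sample issuer ID.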

The article also describes what to do when creating the solution in Visual Studio. You need a .pfx export of your certificate with its private key to make it work. When you run the default sample, you should end up on a page with the Site Title displayed on it:

Now you can start creating your app! Happy coding!