SharePoint 2013 Server configuration for App Model – Provider hosted app with High Trust

I know there are many blogs on this topic, but this one captures the steps with screenshots, and the steps below have been proven by following them to set up a SharePoint 2013 server for the provider-hosted app model with high-trust S2S.

It has been configured on over 50 SharePoint development servers.

The steps below are also documented here: SharePoint App Model Steps

SP 2013 Server App Model Configuration – ONE TIME

Create an isolated app domain on your development computer

Ensure that the spadmin and sptimer services are running by opening a command prompt and typing the following commands.

net start spadminv4
net start sptimerv4

Create your isolated app domain by running the SharePoint Management Shell as an administrator and typing the following command.

Set-SPAppDomain "wbmsspdev19"

Ensure that the SPSubscriptionSettingsService and AppManagementServiceInstance services are running by typing the following command in the SharePoint Management Shell.

Get-SPServiceInstance | where{$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"} | Start-SPServiceInstance

Verify that the SPSubscriptionSettingsService and AppManagementServiceInstance services are running by typing the following command in the SharePoint Management Shell. The output will indicate whether each service is online.

Get-SPServiceInstance | where{$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"}

Specify an account, application pool, and database settings for the SPSubscriptionSettingsService and AppManagementServiceInstance services by typing the following code in the SharePoint Management Shell. The account must already be registered as a managed account; in this example wb\spm13dev is the farm's service account.

$account = Get-SPManagedAccount "wb\spm13dev"   # spm13dev is a service account
$appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
$appPoolAppSvc = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account
$appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SettingsServiceApp -DatabaseName SettingsServiceDB
$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc
$appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolAppSvc -Name AppServiceApp -DatabaseName AppServiceDB
$proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc

Specify your tenant name by typing the following code in the SharePoint Management Shell.

Set-SPAppSiteSubscriptionName -Name "app" -Confirm:$false

Create a web application & site collection with Developer site template.

Ex: http://wbmsspdev19:1001/

To create a self-signed test .pfx certificate file

  1. When you are debugging a high-trust app for SharePoint in Visual Studio, the remote web application is hosted in IIS Express on the machine where Visual Studio is installed. So the remote web application computer doesn’t have an IIS Manager where you can create the certificate. For this reason, you use the IIS on the SharePoint test server to create the certificate. In IIS manager, select the ServerName node in the tree view on the left.
  2. Select the Server Certificates icon, as shown in Figure 1.

    Figure 1. Server Certificates option in IIS


  3. Select the Create Self-Signed Certificate link from the set of links on the right side, as shown in Figure 2.

    Figure 2. Create Self-Signed Certificate link


  4. Name the certificate WBMSSPDEV19HighTrustCert, select Web Hosting and then choose OK.
  5. Right-click the certificate, and then select Export, as shown in Figure 3.

    Figure 3. Exporting a test certificate


  6. In Windows, or at a command line, create a folder called C:\Certs.
  7. Back in IIS Manager, export the file to C:\Certs and give it a password. In this example, the password is password.

To create a corresponding .cer file

  1. In IIS manager, select the ServerName node in the tree view on the left.
  2. Double-click Server Certificates.
  3. In Server Certificates view, double-click WBMSSPDEV19HighTrustCert to display the certificate details.
  4. On the Details tab, choose Copy to File to launch the Certificate Export Wizard, and then choose Next.
  5. Use the default value No, do not export the private key, and then choose Next.
  6. Use the default values. Choose Next.
  7. Choose Browse, browse to C:\Certs, name the certificate WBMSSPDEV19HighTrustCert, and then choose Save. The certificate is saved as a .cer file.
  8. Choose Next.
  9. Choose Finish.

Configure SharePoint 2013 to use certificates and configure trust for your app

$publicCertPath = "C:\Certs\WBMSSPDEV19HighTrustCert.cer"
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath)
New-SPTrustedRootAuthority -Name "WBMSSPDEV19HighTrustCert" -Certificate $certificate
$realm = Get-SPAuthenticationRealm
$specificIssuerId = "11111111-1111-1111-1111-111111111119"
$fullIssuerIdentifier = $specificIssuerId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name "WBMSSPDEV19 High Trust Cert" -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
iisreset
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()
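The following verification script is an addition to this post, not part of the original configuration; it assumes the certificate name, file path and issuer id used above and that it runs in the SharePoint 2013 Management Shell. It confirms that the trusted root authority and the token issuer both carry the certificate from C:\Certs, and it flags AllowOAuthOverHttp, which is a development-only relaxation because app access tokens are then sent over plain HTTP.

```powershell
# Added verification script (not part of the original post). Assumes the names and
# issuer id used in the trust configuration above.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certName = "WBMSSPDEV19HighTrustCert"
$issuerId = "11111111-1111-1111-1111-111111111119"
$certPath = "C:\Certs\WBMSSPDEV19HighTrustCert.cer"

$expected   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
$realm      = Get-SPAuthenticationRealm
$fullIssuer = "$issuerId@$realm"

# 1. The public certificate must be registered as a trusted root authority.
$root = Get-SPTrustedRootAuthority -Identity $certName -ErrorAction SilentlyContinue
if (-not $root) {
    Write-Warning "Trusted root authority '$certName' not found"
} elseif ($root.Certificate.Thumbprint -ne $expected.Thumbprint) {
    Write-Warning "Trusted root authority certificate does not match $certPath"
} else {
    Write-Output "Trusted root authority OK (thumbprint $($root.Certificate.Thumbprint))"
}

# 2. A token issuer must be registered as <issuerId>@<realm> and sign with the same certificate.
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.RegisteredIssuerName -eq $fullIssuer }
if (-not $issuer) {
    Write-Warning "No trusted security token issuer registered as $fullIssuer"
} else {
    if ($issuer.SigningCertificate.Thumbprint -ne $expected.Thumbprint) {
        Write-Warning "Issuer '$($issuer.Name)' signs with a different certificate than $certPath"
    }
    if (-not $issuer.IsTrustBroker) {
        Write-Warning "Issuer '$($issuer.Name)' is not a trust broker, so it cannot be shared by several apps"
    }
    Write-Output "Token issuer '$($issuer.Name)' registered for $fullIssuer"
}

# 3. Tokens signed with an expired certificate are rejected; warn 30 days ahead.
if ($expected.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($expected.NotAfter); plan renewal"
}

# 4. AllowOAuthOverHttp lets app tokens travel in clear text: keep it to development farms.
$sts = Get-SPSecurityTokenServiceConfig
if ($sts.AllowOAuthOverHttp) {
    Write-Warning "AllowOAuthOverHttp is enabled; acceptable only on HTTP-only development farms"
} else {
    Write-Output "AllowOAuthOverHttp is disabled (HTTPS required for app tokens)"
}
```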

New Provider app creation – (Follow steps for every new provider app)

  1. Open Visual Studio and create a provider-hosted app.
  2. On the certificate screen, select the certificate from the C:\Certs folder and enter the issuer id 11111111-1111-1111-1111-111111111119.
  3. Generate the app id (client id) with the appregnew.aspx page of the site collection, e.g. http://wbmsspdev19:1001/_layouts/15/Appregnew.aspx
  4. Paste the app id as the client id in both the app project (AppManifest.xml) and the web project (web.config).
  5. Create a web site in IIS and update this website's info in AppManifest.xml and in the project URL under the web project properties.

     Ex: <StartPage>http://wbmsspdev19:10001/SharePointApp1Web/Pages/Default.aspx?{StandardTokens}</StartPage>

  6. Register every new provider-hosted app with the script below.
     1. clientID: the app id generated in step 3 above
     2. targetSiteUrl: the URL of the site collection the app is registered against

       $appDisplayName = "SharePointApp1"
       $clientID = "53006f1e-5d06-4679-a449-f4cfff9c1f5f"
       $targetSiteUrl = "http://wbmsspdev19:1001/"
       $targetSite = Get-SPSite $targetSiteUrl
       $realm = Get-SPAuthenticationRealm -ServiceContext $targetSite
       $fullAppPrincipalIdentifier = $clientID + '@' + $realm
       $registeredAppPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppPrincipalIdentifier -Site $targetSite.RootWeb -DisplayName $appDisplayName
       $registeredAppPrincipal | select * | Format-List
       $registeredAppPrincipal | select * | Format-List | Out-File -FilePath "Output.txt"

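As an added check that is not part of the original post, the script below ties steps 4 and 6 together: it reads the client id from AppManifest.xml and web.config, confirms the two agree, confirms the IssuerId in web.config belongs to a trusted token issuer, confirms the signing .pfx exists, and confirms the app principal is registered on the target site. It assumes the layout the Visual Studio high-trust provider-hosted template generates (RemoteWebApplication ClientId attribute in AppManifest.xml; ClientId, IssuerId and ClientSigningCertificatePath appSettings in web.config); the project paths are placeholders.

```powershell
# Added consistency check, not part of the original post. Assumes the Visual Studio
# high-trust provider-hosted template layout: AppManifest.xml has
# <AppPrincipal><RemoteWebApplication ClientId="..."/></AppPrincipal> and web.config has
# appSettings keys ClientId, IssuerId and ClientSigningCertificatePath. Paths are placeholders.
param(
    [string]$AppManifestPath = "C:\Projects\SharePointApp1\SharePointApp1\AppManifest.xml",
    [string]$WebConfigPath   = "C:\Projects\SharePointApp1\SharePointApp1Web\web.config",
    [string]$TargetSiteUrl   = "http://wbmsspdev19:1001/"
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

[xml]$manifest  = Get-Content $AppManifestPath
[xml]$webConfig = Get-Content $WebConfigPath
$manifestClientId = $manifest.App.AppPrincipal.RemoteWebApplication.ClientId
$settings = @{}
foreach ($add in $webConfig.configuration.appSettings.add) { $settings[$add.key] = $add.value }

$problems = @()
# 1. The client id must be identical in AppManifest.xml and web.config (step 4).
if ($settings["ClientId"] -ne $manifestClientId) {
    $problems += "ClientId mismatch: AppManifest.xml=$manifestClientId web.config=$($settings['ClientId'])"
}
# 2. The IssuerId in web.config must belong to a trusted security token issuer in the farm.
$issuer = Get-SPTrustedSecurityTokenIssuer |
    Where-Object { $_.RegisteredIssuerName -like "$($settings['IssuerId'])@*" }
if (-not $issuer) { $problems += "IssuerId $($settings['IssuerId']) is not a trusted token issuer" }
# 3. The signing .pfx referenced by web.config must exist. Its password is stored in
#    web.config in clear text, so restrict the file ACLs on web.config and on the .pfx.
if (-not (Test-Path $settings["ClientSigningCertificatePath"])) {
    $problems += "ClientSigningCertificatePath not found: $($settings['ClientSigningCertificatePath'])"
}
# 4. The app principal <clientId>@<realm> must be registered on the target site (step 6).
$site  = Get-SPSite $TargetSiteUrl
$realm = Get-SPAuthenticationRealm -ServiceContext $site
$principal = Get-SPAppPrincipal -NameIdentifier "$manifestClientId@$realm" -Site $site.RootWeb -ErrorAction SilentlyContinue
if (-not $principal) { $problems += "No app principal registered for $manifestClientId@$realm on $TargetSiteUrl" }
$site.Dispose()

if ($problems.Count -eq 0) {
    Write-Output "App '$($manifest.App.Name)' is consistent with the farm configuration"
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```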

References

App domain & Dev setup

http://msdn.microsoft.com/en-us/library/fp179923(v=office.15).aspx

High trust app creation S2S

http://msdn.microsoft.com/en-us/library/fp179901(v=office.15).aspx
