Updating an expired Client Secret of a SharePoint Add-in using Azure-AD/Az Cli

Posted on November 25, 2019 by cann0nf0dder

Back in May 2016, I wrote a post to show you how to update the Client Secret of a SharePoint add-in. This used the PowerShell module MSOL. https://cann0nf0dder.wordpress.com/2016/05/18/updating-an-expired-client-secret-of-sharepoint-add-in/

The MSOL module is now (or going to be) deprecated. Therefore, I needed to find a different way of doing this, and ideally something that could be done with Azure Dev-ops pipelines. I originally started with AZ CLI. Although the Client Secret is tied to a Service Principal in Azure AD, I was unable to change the Key Credentials or Password Credentials for it.

Due to the issues I was getting with AZ CLI, I used Azure-AD module instead. See at end of blog post, how I got Az CLI to work with a workaround.

Updating Client Secret

Connect to Azure-AD

First you will need to connect to Azure-AD

	#Install AzureAD
	Write-Information -MessageData:"Getting if the AzureAD powershell module is available..."
	if(-not (Get-Module AzureAD)) {
	Write-Information -MessageData:"Installing the NuGet Package provider..."
	Install-PackageProvider -Name:NuGet -Force -Scope:CurrentUser

	Write-Information -MessageData:"Installing the AzureAD Powershell Module..."
	Install-Module AzureAD -Scope:CurrentUser -Force
	}

	$Credential = Get-Credential
	Connect-AzureAD -Credential $Credential

view raw Connect-AzureAD.ps1 hosted with ❤ by GitHub

The above code ensures that you have Azure AD installed on your machine, and logs you in.

Getting the Add-in as a Service Principal

Once you have logged in, you will be able to call back your SharePoint Add-in. The SharePoint Add-in is actually a Service Principal within Azure AD, and we will grab this using Get-AzureADServicePrincipal. You can do this by using the AppId, or the AppName. The AppId is fine to use, but when you want to use the same script across multiple environments, you will need to ensure you are passing in the different AppId for each environment. THis is why I have used the Name of the Add-In. (Assuming you have given your App the same name in each environment)

	$serviceprincipal = Get-AzureADServicePrincipal -All:$true -Filter "DisplayName eq 'Demo App'"
	#OR If using APP ID.
	$serviceprincipalByID = Get-AzureADServicePrincipal -All:$true -Filter "AppId eq 'ab739749-827d-4437-90e5-bf181c5407e0'"

view raw GettingServicePrincipal.ps1 hosted with ❤ by GitHub

Create a new Secret

Next you need to be able to create a new secret. This is done by creating random bytes and converting to a Base64String. I ensure the password is valid for an additional 2 years.

	$bytes = New-Object Byte[] 32
	$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
	$rand.GetBytes($bytes)
	$rand.Dispose()
	$newClientSecret = [System.Convert]::ToBase64String($bytes)
	$dtStart = [System.DateTime]::Now
	$dtEnd = $dtStart.AddYears(2)

	write-output $newClientSecret

view raw CreatingPassword.ps1 hosted with ❤ by GitHub

Create Key Credentials and Password Credential for the App

The SharePoint Add-In requires 2 Key Credentials (One Sign and one Verify) and 1 Password Credentials. The following script creates new ones, this allows both the old password and the new password to continue working at the same time, until you are able to update the code that uses the ClientID and ClientSecret.

	Write-Information "Updating KeyCredential Usage Sign..."
	New-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -Type:Symmetric -Usage:Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd \| Out-Null

	Write-Information "Updating KeyCredential Usage Verify..."
	New-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -Type:Symmetric -Usage:Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd \| Out-Null

	Write-Information "Updating PasswordCredential..."
	New-AzureADServicePrincipalPasswordCredential -ObjectId $serviceprincipal.ObjectId -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd \| Out-Null

view raw NewCredentials.ps1 hosted with ❤ by GitHub

Removing the original Key and Password Credential for the App

The following code shows how to loop round the Key and Password credentials and remove the original ones. It does this by looking for any Credentials that were created before the start date of the new ones. I would only run this part of my code, once I know I have updated my application to use the new password. Not in my example here, but where I’m using it in the real world, my Client Secret is stored within a Keyvault. I would update the keyvault value (ensuring to disable the previous version).

	Write-Information "Remove all KeyCredential started before $(Get-Date $dtStart -Format 'O' )..."
	$serviceprincipal = Get-AzureADServicePrincipal -All:$true -Filter "DisplayName eq '$SharePointAddInName'"
	$serviceprincipal.KeyCredentials \| ForEach-Object{
	$credential = $PSItem
	if($($credential.StartDate) -lt $dtStart)
	{
	Write-Information -MessageData:"Removing KeyCredential $($credential.KeyId)"
	Remove-AzureADServicePrincipalKeyCredential -ObjectId:$serviceprincipal.ObjectId -KeyId:$credential.KeyId
	}
	}

	Write-Information "Remove all PasswordCredential started before $(Get-Date $dtStart -Format 'O' )..."
	$serviceprincipal.PasswordCredentials \| ForEach-Object{
	$credential = $PSItem
	if($($credential.StartDate) -lt $dtStart)
	{
	Write-Information -MessageData:"Removing PasswordCredential $($credential.KeyId)"
	Remove-AzureADServicePrincipalPasswordCredential -ObjectId:$serviceprincipal.ObjectId -KeyId:$credential.KeyId
	}
	}

view raw RemoveOutOfDatePasswords.ps1 hosted with ❤ by GitHub

Connecting with AZ Cli Workaround

Using Azure Dev-Ops Pipeline, I really wanted to use AZ cli to be able to update the Client Secret of a SharePoint Add-in. Due to the error messages when I attempted to update the Service Principal Key Credential and Password Credentials, I was forced to use Azure-AD instead. So how can I uses AZ Cli.

My Dev-Ops Pipeline uses a service account, and I have ensured this service account has permissions to update the directory.

Then I can connect from Az Cli to Azure-AD doing the following:

	#Once signed into Azure CLI
	$Token = az account get-access-token --resource-type "aad-graph" \| ConvertFrom-Json
	$AzAccount = az account show \| ConvertFrom-Json
	Connect-AzureAD -AadAccessToken $($Token.accessToken) -AccountId:$($AzAccount.User.Name) -TenantId:$($AZAccount.tenantId)

view raw AzCliToAzureAD.ps1 hosted with ❤ by GitHub

I add the above code in the full script just after the parameter, as the pipeline will already be signed in as the Pipeline Service Principal. It will then grab the Access token to sign in with Azure AD, and then able to run the rest of the script.

Full Script

	<#
	.SYNOPSIS
	Updates the SharePoint Add-in Secret everytime.
	It expects that you are already connected to Azure AD

	.EXAMPLE
	.\Update-SharePointAddIn.ps1 -SharePointAddInName "Demo App"

	#>
	param(
	[Parameter(Manadatory)]
	[string]
	$SharePointAddInName
	)

	$ErrorActionPreference = 'Stop'
	$InformationPreference = 'Continue'

	#Call AzCliToAzureAD.ps1 here for Pipeline.

	#Create Pasword
	$bytes = New-Object Byte[] 32
	$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
	$rand.GetBytes($bytes)
	$rand.Dispose()
	$newClientSecret = [System.Convert]::ToBase64String($bytes)
	$dtStart = [System.DateTime]::Now
	$dtEnd = $dtStart.AddYears(2)

	Write-Information "Getting service principal named: $SharePointAddInName..."
	$serviceprincipal = Get-AzureADServicePrincipal -All:$true -Filter "DisplayName eq '$SharePointAddInName'"

	if($null -eq $serviceprincipal)
	{
	Write-Error "Unable to find service principal named: $SharePointAddInName"
	}

	Write-Information "Updating KeyCredential Usage Sign..."
	New-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -Type:Symmetric -Usage:Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd \| Out-Null

	Write-Information "Updating KeyCredential Usage Verify..."
	New-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -Type:Symmetric -Usage:Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd \| Out-Null

	Write-Information "Updating PasswordCredential..."
	New-AzureADServicePrincipalPasswordCredential -ObjectId $serviceprincipal.ObjectId -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd \| Out-Null

	#Update the application here.
	#For example add the secret to a key vault that the application is getting the secret from.

	Write-Information "Remove all KeyCredential started before $(Get-Date $dtStart -Format 'O' )..."
	$serviceprincipal = Get-AzureADServicePrincipal -All:$true -Filter "DisplayName eq '$SharePointAddInName'"
	$serviceprincipal.KeyCredentials \| ForEach-Object{
	$credential = $PSItem
	if($($credential.StartDate) -lt $dtStart)
	{
	Write-Information -MessageData:"Removing KeyCredential $($credential.KeyId)"
	Remove-AzureADServicePrincipalKeyCredential -ObjectId:$serviceprincipal.ObjectId -KeyId:$credential.KeyId
	}
	}

	Write-Information "Remove all PasswordCredential started before $(Get-Date $dtStart -Format 'O' )..."
	$serviceprincipal.PasswordCredentials \| ForEach-Object{
	$credential = $PSItem
	if($($credential.StartDate) -lt $dtStart)
	{
	Write-Information -MessageData:"Removing PasswordCredential $($credential.KeyId)"
	Remove-AzureADServicePrincipalPasswordCredential -ObjectId:$serviceprincipal.ObjectId -KeyId:$credential.KeyId
	}
	}

view raw Update-SharePointAddIn.ps1 hosted with ❤ by GitHub

Building SharePoint 2016 development environment – Part 12 – Configuring Hosting Apps and HNSC

Posted on August 30, 2016 by cann0nf0dder

A few years ago I wrote “Build your SharePoint 2013 development machine on Windows Server 2012” series, I mainly work in the cloud now, but as the blogs was so popular, I thought I would create a new series for the newer version of SharePoint.

You can access other parts of this post below.

Part 1 – Introduction
Part 2 – Setting up and configuring Host Computer using Hyper V
Part 3 – Building a base disk to use for differencing disks.
- Installing Windows Server 2012 R2
- Setting up the Menu
- Syspreping
Part 4 – Installing Active Directory
Part 5 – Creating Certificate Authority
Part 6 – Creating SQL & SharePoint Machine
Part 7 – Adding AD Accounts
Part 8 – Installing SQL 2016 ready for SharePoint 2016
- Installing SQL 2016
Part 9 – Installing SharePoint 2016
Part 10 – Configuring Central Administration for SSL
Part 11- Configuring Services
Part 12 – Configuring Hosting Apps and HNSC – (This post)
Part 13 – Configuring My Sites and User Profiles
Part 14 – Enterprise Search Centre
Part 15 – Configuring Workflow
- Installing SharePoint Designer
Part 16 – Installing and setting up Visual Studio
- Installing Visual Studio
- Cleaning up Hyper V Checkpoints

Before I create the App Management Service, I’m going to create a separate Domain for the Apps. By creating a separate domain, it helps you write apps that won’t allow cross-site scripting between apps and SharePoint site.

Configuring Hosting Apps

First we need to configure DNS

Go to you Domain Controller and from the Start Menu type DNS, and open the application.
In the Left Hand panel, right click Forward Lookup Zones and select New Zone… Click Next
Keep the Primary zone selected and Store the zone in Active Directory ticked.
Click Next
Leave the option To all DNS servers running on domain controllers in this domain: cfcode2016.com. Click Next
Here you enter the domain name, type cfapps.com. Click Next
Leave the top option selected and click Next
Click Finish. You will see your new domain showing in the Forward Lookup Zones in DNS.
Now right click on cfapps.com and select New Alias (CNAME) …
Type * for Name
Set the FQDN of the server that hosts the SharePoint sites, CFSP2016.cfcode2016.com in my case. Click OK.

If you are using more than one server, you should be pointing to the DNS record of the web server in here. This is either the DNS A record for the web server, or the DNS record of the primary cluster address for NLB environments.

Now if you open a command window and type in nslookup something.cfapps.com it will resolve to your SharePoint server.

Configuring SharePoint 2016 for Hosting Apps

I would recommend to copy the following powershell script and running it as a ps1 file (CreateAppService.ps1 from my one drive). Change the Change any of the variables to match your environments.

On the SharePoint box, logged in as SP_Setup, from the Start Menu, type SharePoint 2016 Management Shell.

Run the Script

	if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null)
	{
	#Add SharePoint PowerShell Commands
	Add-PSSnapin "Microsoft.SharePoint.PowerShell"
	}

	$DatabaseServerName = "SQL2016"
	$AppPoolName = "Default SharePoint Service App Pool"
	$AppPoolUserName = "CFCODE2016\SP_Services"
	$AppDomain = "cfapps.com"

	$SubSettingsName = “Subscription Settings Service”
	$SubSettingsDB = “SP_SubscriptionSettingsDB”
	$AppManagementName = “App Management Service”
	$AppManagementNameProxy = "App Management Service Proxy"
	$AppManagementDB = “SP_AppManagementDB”

	$SubSvc = New-SPSubscriptionSettingsServiceApplication –ApplicationPool $AppPoolName –Name $SubSettingsName –DatabaseName $SubSettingsDB
	$SubSvcProxy = New-SPSubscriptionSettingsServiceApplicationProxy –ServiceApplication $SubSvc

	Get-SPServiceInstance \| where-object {$_.TypeName -eq $SubSettingsName} \| Start-SPServiceInstance > $null

	$AppManagement = New-SPAppManagementServiceApplication -Name $AppManagementName -DatabaseServer $DatabaseServerName -DatabaseName $AppManagementDB –ApplicationPool $AppPoolName
	$AppManagementProxy = New-SPAppManagementServiceApplicationProxy -ServiceApplication $AppManagement -Name $AppManagementNameProxy

	Get-SPServiceInstance \| where-object {$_.TypeName -eq $AppManagementName} \| Start-SPServiceInstance > $null
	Set-SPAppDomain $AppDomain
	Set-SPAppSiteSubscriptionName -Name “apps” -Confirm:$false

view raw CreateAppService.ps1 hosted with ❤ by GitHub

To verify the script configured SharePoint 2016 correctly open Central Administration
1. Under Application Management click Manage Service Application.
2. You should now have two new service application created
  1. App Management Service Application
  2. Subscription Settings Service Application
3. Now Navigate to System Settings by clicking the link on the left menu
4. Under Servers
  click the link Manage Services on Server.
5. Check that the following services have started
  1. App Management Service
  2. Microsoft SharePoint Foundation Subscription Setting Service
6. On the left hand menu, click on Apps
7. Under App Management, click the link Configure App URLs
8. Verify that:
  1. App Domain: cfapps.com
  2. App Prefix: app

Configuring SharePoint Server 2013 for Host-Named Site Collection and create Initial Site Collections.

Here we are going to create Host Named Site Collection (HNSC) for testing and hosting our apps. Microsoft recommends this because the Office 365 environment uses host-named site collections, new features are optimized for these site collections and they are expected to be more reliable. More can be found out directly from the technet article: http://technet.microsoft.com/en-us/library/cc424952.aspx . The only sites within your environment you should use Path Based Site Collections (PBSC) are Search Center and MySites. HNSC aren’t really needed for Search Center. The only way you can create HNSC is via powershell. So this is what we are going to do.

Register SP_Content

Open SharePoint Central Administration
Select Security > Configure managed Accounts.
Click Register Managed Account
Type Username as cfcode2016\SP_Content and the password as Pa55w0rd. Then click OK.

Create a new Web Application

Open up a PowerShell window and put the following: (change the port number if you wish) (CreateHNSC.ps1)

	$applicationPool = "SharePoint - HNSC - 11111"
	$ServiceAcct = "cfcode2016\SP_Content"
	$WebApp = "SharePoint HNSC Web Application"

	$contentDB = "SP_HNSC_ContentDB"

	New-SPWebApplication -ApplicationPool $applicationPool -ApplicationPoolAccount $serviceAcct -Name $WebApp -Port 11111 -AuthenticationProvider (new-spauthenticationprovider) -databaseName $contentDB -secureSocketsLayer

view raw CreateHNSC-1.ps1 hosted with ❤ by GitHub

Configuring the Alternative Access Mapping

From the Start Menu
open SharePoint 2016 Central Administration, this ensures it runs as Administrator.
Click Application Management, then under Web applications,
click Configure alternative mappings.
On the right hand side of the screen, Change the Alternate Access Mapping Collection to point to SharePoint HNSC Web Application.
Click the internal URL for https://cfsp2016:11111 so that you can edit it. Change the URL protocol, host to https://hnsc.cfcode2016.com
Click OK.
Back on the Alternate Access Mapping Screen, click Add Internal URLs and add a new Internal URL for each of the following listed below. Screenshot below
- https://cfsp2016:11111
- https://cfsp2016.cfcode2016.com:11111

Add certificates to IIS

In Start type IIS and open IIS Manager
Navigate to SharePoint HNSC Web Application and then on the right hand panel, click Bindings…
On the Bindings dialog, click Add…
In the Add Site Binding page, select https from the Type dropdown, leave the IP address as All Unassigned, the Port should say 443. Enter the Host name as hnsc.cfcode2016.com,
and tick Require Server Name Indication then select your certificate you created earlier. Click OK
Add the binding for host names dev.cfcode2016.com and intranet.cfcode2016.com, ensure the Type is https, you have ticked Require Server Name Indication and you have selected your certificate.

Creating the Top level Site

Because the top-level site is an HNSC is not going to be used by anyone in the site. Therefore, this PowerShell script will create a blank site. (CreateHNSC.ps1)

In PowerShell run the following script:

New-SPSite -Url "https://hnsc.cfcode2016.com:11111" -OwnerAlias "cfcode2016\SP_Setup" -Template STS#1

view raw CreateHNSC-2.ps1 hosted with ❤ by GitHub

Site Collections

Here we are going to create a TeamSite called Intranet.cfcode2016.com and a developer site called dev.cfcode2016.com. Please note you can only create, debug and test apps using a developer site. You could type the PowerShell into notepad, save the file as PS1 and run it from SharePoint 2016 Management Shell, instead of typing each row directly. We are first going to create 2 databases, one for each Site collection. This is good practice for backups and restore purposes.

From the Start Menu, type SharePoint 2016 Management Shell, and open the application. (CreateHNSC.ps1)

Type

	$devdb = “SP_DEVDB”
	$intranetdb = “SP_IntranetDB”
	$webApp = “SharePoint HNSC Web Application”

	#Build Databases
	new-SPContentDatabase -Name $devdb -WebApplication $WebApp -WarningSiteCount 0 -MaxSiteCount 1
	new-SPContentDatabase -Name $intranetdb -WebApplication $WebApp -WarningSiteCount 0 -MaxSiteCount 1

	$hnsc = Get-SPWebApplication \| Where-Object {$_.DisplayName -eq $webApp}
	New-SPSite -Name “CF Development” -Url https://dev.cfcode2016.com –HostHeaderWebApplication $hnsc -OwnerAlias “cfcode2016\SP_Setup” -Template “DEV#0” -contentDatabase $devdb
	New-SPSite -Name “CF Intranet” -Url https://intranet.cfcode2016.com –HostHeaderWebApplication $hnsc -OwnerAlias “cfcode2016\SP_Setup” -Template “STS#0” -contentDatabase $intranetdb

view raw CreateHNSC-3.ps1 hosted with ❤ by GitHub

To verify that the host-name site collections are created:

Open up SharePoint 2016 Central Administration
Under Application Management click View all Site Collections
Ensure the Web Application is pointing to the HNSC web and you should see the two site collections plus the root site.
By clicking on the different site collections, you will also see that the Database Name is assigned correctly to the correct database as set up in our PowerShell script.
You can also navigate in a browser to https://dev.cfcode2016.com or https://intranet.cfcode2016.com. Notice that the SSL certificate is valid.

Configuring SSL for Apps

As our App domain is on a different domain to our SharePoint domain, we should create a different SSL certificate for it.

Ensure you are on the SharePoint box with a Domain Admin Account. (cfcode2016\Administrator)
We have already configured the Certificate Authority earlier on the Domain Controller. Here we are going to request the certificate using Internet Information Services on the SharePoint Server. From the Start Menu, type IIS and open Internet Information Services (IIS) Manager
Once IIS opens, click on the Server Name. (CFSP2016) You will be prompted with a dialog asking to get started with Microsoft Web Platform, click do not show this message and then click No.
From the IIS section, double click Server Certificates
From the right hand side of the screen, click Create Domain Certificate
Complete the form for the Domain Certificate as follows (Change to match your environment if not following exactly along)
- Common Name : *.cfapps.com
- Organisation: CF Code
- Organizational Unit: Computers
- City/Locality: London
- State/Province: London
- Country/Region: GB
Click Next
On the Online Certification Authority enter the common name you gave your Authority Name\Server Name. (For example mine is MY-CA\CFAD.cfcode2016.com), You can also use the select button if you have configured everything correctly. You can put anything in the friendly name box, ensure it is different from your other certificate friendly name, and easy identifiable as the Apps certificate. Click Finish.
You should now see the certificate in the Server certificates window.
If there were other servers in your farm, you would need to export the .pfx file so that it can be imported into the other servers.

Configure SharePoint for Apps

We need to configure our SharePoint and IIS to use a different certificate for Apps, and also our Web Application needs to know to use our App Domain.

Sign back into the SharePoint machine as SP_Setup.
Run as administrator, SharePoint 2016 Management Shell
Run the following PowerShell Script

New-SPWebApplicationAppDomain -AppDomain "cfapps.com" -WebApplication "https://intranet.cfcode2016.com" -Zone Default -Port 11111 -SecureSocketsLayer

view raw CreateAppWebDomain.ps1 hosted with ❤ by GitHub

Next we need run the following command:

	$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
	$contentService.SupportMultipleAppDomains = $true
	$contentService.Update();
	IIsreset

view raw AppMultiDomains.ps1 hosted with ❤ by GitHub

In Start type IIS and open IIS Manager

Navigate to SharePoint HNSC Web Application and then on the right hand panel, click Bindings…
On the Bindings dialog, select the one without the Host Name on Port 11111 and click Edit
Change the Port to 443, and select the SSL Certificate as your App Certificate.
Click OK.

Add Apps to your Intranet Zone.

To prevent getting prompted for your login, configure the intranet zone in IE.

Open up Internet explorer
Click on the cog symbol, and select Intranet Options
Select the Security tab, and then click on Local Intranet. Then click on the Sites button.
On the Local intranet dialog, click the Advanced button.
Type *.cfapps.com and click Add. (You might need to untick Require server verification (https) for all sites in this zone )
Then click Close, OK, and OK

Checking that Apps are new set up for your farm

Open up your intranet site https://intranet.cfcode2016.com
At the top right of the screen click the cog icon.
From the drop down, click Add an app
On the App page, in the quick launch menu area, click on SharePoint Store
If you have connected up correctly you will now see Apps that you can download from the SharePoint store.
Pick a free one to install. I’m selecting Bright Banner. (Have no idea if it’s any good, so not endorsing, just using for testing purposes)
Click Add it.
Confirm that you wish to add the app. Click Continue
A page will state that you have just go this app for everyone in your organization. Click Return to Site
A prompt will appear, asking if you trust the application. Click Trust It.
After a moment you will be returned to your Site Contents. You will also note that your app that you downloaded is currently being added to your site. Once complete the adding text will disappear.
Click on the App. It will load. Take note of the URL. It is being called from the domain you created earlier cfapps.com. Congratulations you have got Apps working!

So glad I finally got Apps certificates to work. Took me a couple of attempts. Thank you to Anupam Shrivastava and his blog post http://akforsharepoint.blogspot.co.uk/2015/05/sharepoint-hosted-apps-in-aam-or-host.html for helping finally cracking it.

I recommend shutting down and taking checkpoints again.

Updating an expired Client Secret of SharePoint Add-in

Posted on May 18, 2016 by cann0nf0dder

Updated with Azure-AD / AZ Cli here https://cann0nf0dder.wordpress.com/2019/11/25/updating-an-expired-client-secret-of-a-sharepoint-add-in-using-azure-ad-az-cli/

Been working with SharePoint Add-in tokens for a while now, but this week has been the first time I’m still working with an add-in longer than a year in one environment. My application start throwing the error message:

“Error:Token request failed., InnerMessage:System.Net.WebException: The remote server returned an error: (401) Unauthorized.”

I knew that they did expire after a year, but never really thought about (until now) how to go about renewing them. Luckily Microsoft documentation nowadays is a lot better than it used to be. I found this walk through https://msdn.microsoft.com/en-us/library/office/dn726681.aspx. In case Microsoft takes the link down, or changes the URL, I will explain the steps below. I have also changed the code slightly for the Report on Client ID expiry dates, as the Microsoft one didn’t return the results I expected.

Report on Client ID expiry dates.

Open Windows Powershell and run the following cmdlet:

Connect-MsolService

A login prompt will appear, here enter the tenant-administrator credentials for the Office 365 tenancy where the add-in was registered with AppRegNew.aspx

You can generate a report that list each add-in in the tenant with the date that the secret expires with the following PowerShelll code.

$applist = Get-MsolServicePrincipal -all  |Where-Object -FilterScript { ($_.DisplayName -notlike "*Microsoft*") -and ($_.DisplayName -notlike "autohost*") -and  ($_.ServicePrincipalNames -notlike "*localhost*") }
$output = "";
foreach ($appentry in $applist)
{
    $principalId = $appentry.AppPrincipalId
    $principalName = $appentry.DisplayName

    $results =  Get-MsolServicePrincipalCredential -AppPrincipalId $principalId -ReturnKeyValues $false | Where-Object { ($_.Type -ne "Other") -and ($_.Type -ne "Asymmetric") }
    if($results.count -gt 0)
    {
         $output += "PrincipalId:`t$principalId`n"
         $output += "PrincipalName:`t$principalName`n"
         $output += "Keys`n" foreach($result in $results) { 
         $output += "Type:`t" + $result.Type + "`n" 
         $output += "Value:`t" + $result.Value + "`n" 
         $output += "KeyId:`t" + $result.KeyId + "`n" 
         $output += "StartDate:`t" + $result.StartDate + "`n" 
         $output += "EndDate:`t" + $result.EndDate + "`n" 
         $output += "Usage:`t" + $result.Usage+ "`n" $output += "`n"        
     } 
      $output += "-----------------------------------------------`n" } 
} 
      $output | Out-File "c:\temp\appsec.txt"

The above code first filters out Microsoft’s own applications, add-ins still under development (and a now-deprecated type of add-in that was called autohosted).
Filters out non-SharePoint add-ins and add-in like workflow.

Open the file at c:\temp\appsec.text to see the report.

An example of the report below:

Note: The PrincipalID is your Client ID

Generate a new secret for another year.

To generate a new secret, you just need to run the following PowerShell script:

$clientId = &lt;#Replace with your ClientID of the add-in&gt;
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret
$newClientSecret

The output of the above PowerShell file will give you a new Client Secret, take note of this:

Generate a new secret for 3 years.

It is possible to create a secret that will last 3 years, the PowerShell script is very similar to the above script, but now it has a start and end date.

$clientId = &lt;#Replace with your ClientID of the add-in&gt;
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears(3)
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
$newClientSecret

Updating the remote web application using the new secret

If you are redeploying from Visual Studio you will need to update the client Secret in your Web.Config
If you are just updating directly in Azure, you can just go to the configurations and update the new secret there.

If you are using the default TokenHelper.cs file in your project, and it’s not the prerelease version then you can add a second app setting called SecondaryClientSecret. Here you would put in your old secret, and in the ClientSecret put in the new one. This is so if your token is going to expire soon, the application will still work as it will try one first then the other.

Time to propagate Client Secret to SharePoint

According the Microsoft link you should wait at least 24 hours to propagate the ClientSecret. However, I found as soon as I changed the secret I could use it straight away. After changing your Client Secret if you run the ‘Report on Client ID expiry dates’ powershell again, those dates didn’t update for me until the following day.

I ran the report the following day, and as you can see below, Demo App 1 which was shown in the screen shot above now has 3 new keys with new dates.

Deleting expired client secrets

As expired client secrets do not seem to get removed, it is recommended to delete them. The code below will grab any keys that are expired for a ClientID and delete them.

$clientId = &lt;#Replace with your ClientID of the add-in&gt;;
$keys = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false
$dtNow = [System.DateTime]::Now
foreach($key in $keys)
{
 if($key.EndDate -lt  $dtNow)
 {
   write-host $key.KeyId "Expired"
   Remove-MsolServicePrincipalCredential -KeyIds @($key.KeyId) -AppPrincipalId $clientId
 }
}

Creating lookup and dependency columns in CSOM

Posted on August 29, 2015 by cann0nf0dder

What is a dependency column?

When you create a list in SharePoint this list can be used as a lookup. So for example (a very bad example, but gives you the idea), you have a customer list and an order list. On the order list you want to lookup to your Customer List. You would pick the column you want to point to for the lookup, in this case it would probably be the Customer column. However there might be other columns from the Customer list that you want to pull through to your orders list. (Customer ID, Date Joined etc). These extra columns are the dependency columns.

The customer you pick to associate with the order, these extra columns are pulled through. On the lookup list, if any of the data changes for the customer, this data will automatically be updated on the order list.

Not all columns can be used as a lookup/dependency column, only columns that can are:

Single Line of text
Number
Date
Calculated

The Demo

I have put together a demo, using a SharePoint hosted Add-In (SharePoint App). This SharePoint Add-in acts as a provisioning page to create my columns and lists, (similar to how OfficeDevPnp samples work) I will not be explaining in this post how to create a SharePoint Add-In.

The main point of the code that adds the dependant lookups uses the method AddDependentLookup which is part of the Microsoft.SharePoint.Client namespace.

public Field AddDependentLookup(string displayName, Field primaryLookupField, string lookupField )

I will be explaining the relevant sections of the code. All the methods have been written so that if anything already exists, it will not recreate it. My code also using OfficeDevpnp dlls, which I have obtained through NuGet. It is not until near the end after creating the Order List will I be adding the dependency columns.

Creating the Customer List

This is standard SharePoint CSOM code, I’m checking if the list already exists, if it doesn’t then I create it.

 
List customerList = null; 
if(!ctx.Web.ListExists("Customers")) 
{ 
  customerList = ctx.Web.CreateList(ListTemplateType.GenericList, "Customers", false, false); 
}
else { 
  customerList = ctx.Web.Lists.GetByTitle("Customers"); 
} 
customerList.Update(); 
ctx.Load(customerList); 
ctx.ExecuteQueryRetry();

I then change the Title display value from Title to Customer Name.

var title = customerList.Fields.GetByInternalNameOrTitle("Title"); 
title.Title = "Customer Name"; 
title.Update();

Lastly I create 3 fields if they don’t exist, Account ID, Address, Date Joined. Once the Date Joined column is created, I’m then ensuring that the Date column is just using Date Only, instead of Date Time values.

 if(!customerList.FieldExistsById("E99BF256-BC01-4A37-B35A-B39BCC5FB82E")) 
 { 
   var accountId = new FieldCreationInformation(FieldType.Text){ 
                           AddToDefaultView = true, 
                           DisplayName = "Account ID", 
                           Id = new Guid("E99BF256-BC01-4A37-B35A-B39BCC5FB82E"), 
                           Group="Lookups", 
                           Required=true, 
                           InternalName = "AccountID" 
                      }; 
    customerList.CreateField(accountId, true); 
 }

 if(!customerList.FieldExistsById("2A8ABC2E-B7F0-4187-ADCA-7831648AFAD3")) 
 {
   var address = new FieldCreationInformation(FieldType.Note){
                           AddToDefaultView = true, 
                           DisplayName = "Address", 
                           Id = new Guid("2A8ABC2E-B7F0-4187-ADCA-7831648AFAD3"), 
                           Group = "Lookups", 
                           Required =true, 
                           InternalName = "CustomerAddress" 
                       }; 
   customerList.CreateField(address, true); 
 } 

 if(!customerList.FieldExistsById("C73123E9-85C8-4156-B280-E7783EEB119C")) 
 { 
   var dateJoined = new FieldCreationInformation(FieldType.DateTime){
                             AddToDefaultView = true, 
                             DisplayName = "Date Joined", 
                             Id= new Guid("C73123E9-85C8-4156-B280-E7783EEB119C"), 
                             Group = "Lookups", 
                             Required = true, 
                             InternalName = "DateJoined" 
                         }; 
   customerList.CreateField(dateJoined, true); 

   var dateJoinedField = ctx.CastTo<FieldDateTime>(customerList.Fields.GetById(new Guid("C73123E9-85C8-4156-B280-E7783EEB119C"))); 
   ctx.Load(dateJoinedField); 
   ctx.ExecuteQueryRetry(); 

 if(dateJoinedField.DisplayFormat == DateTimeFieldFormatType.DateTime) 
 { 
  dateJoinedField.DisplayFormat = DateTimeFieldFormatType.DateOnly; 
  dateJoinedField.UpdateAndPushChanges(true); 
  ctx.ExecuteQueryRetry(); 
 } 
}

As this is just a demo, I want to ensure that my Customer list already has some data in it ready to use. Therefore I’ve added a method that just adds some data to the Customer list.

private void CreateCustomerData(ClientContext ctx) 
{ 
  List customerList = ctx.Web.Lists.GetByTitle("Customers"); 
  ctx.Load(customerList); 
  ctx.ExecuteQueryRetry(); 
  if(customerList.ItemCount == 0) { 
      //Add Data. 
      Microsoft.SharePoint.Client.ListItem cust1 = customerList.AddItem(new ListItemCreationInformation()); 
      cust1["Title"] = "Customer A"; 
      cust1["AccountID"] = "A12345"; 
      cust1["CustomerAddress"] = "85 Abbott Close, \r\nLondon"; 
      cust1["DateJoined"] = new DateTime(2015, 6, 4).ToString("o"); 
      cust1.Update(); 

      Microsoft.SharePoint.Client.ListItem cust2 = customerList.AddItem(new ListItemCreationInformation()); 
      cust2["Title"] = "Customer B"; 
      cust2["AccountID"] = "B26554"; 
      cust2["CustomerAddress"] = "745 Rose Drive, \r\nLondon"; 
      cust2["DateJoined"] = new DateTime(2014, 8, 14).ToString("o"); 
      cust2.Update(); 
      
      Microsoft.SharePoint.Client.ListItem cust3 = customerList.AddItem(new ListItemCreationInformation()); 
      cust3["Title"] = "Customer C"; 
      cust3["AccountID"] = "C44575"; 
      cust3["CustomerAddress"] = "547 Cooper Way, \r\nLondon"; 
      cust3["DateJoined"] = new DateTime(2011, 1, 24).ToString("o"); 
      cust3.Update(); 

      ctx.ExecuteQueryRetry(); 
 } 
}

Now we can move onto creating the Orders list. I have written this code very similar to how I started to write the Customer list, where I’m first checking if it exists first before creating it. I’m then changing the Title display value from Title to Orders. So that I have access to the Customers list columns I’m loading the list and columns.

 List orderList = null; 
 if (!ctx.Web.ListExists("Orders")) 
 { 
   orderList = ctx.Web.CreateList(ListTemplateType.GenericList, "Orders", false, false); 
 } 
 else 
 { 
   orderList = ctx.Web.Lists.GetByTitle("Orders"); 
 } 

 //Change Title 
 var title = orderList.Fields.GetByInternalNameOrTitle("Title"); 
 title.Title = "Order Item"; 
 title.Update(); 

 //Get the customer list 
 List customerList = ctx.Web.Lists.GetByTitle("Customers");
 //Load Lists, fields and views ready to add more fields and lookup fields. 
 ctx.Load(orderList); 
 ctx.Load(customerList); 
 ctx.Load(customerList.Fields); 
 ctx.ExecuteQueryRetry();

I now need to add the columns to the Order list. I’m going to start with the Cost column, as this is a standard currency column. I’m checking if the column exists first before adding it to the list.

 Field cost = null; 
 if (!orderList.FieldExistsById(new Guid("70420D11-3D40-4B53-AAF4-21B57D51C033"))) 
 { 
  FieldCreationInformation orderCost = new FieldCreationInformation(FieldType.Currency) 
  { 
    DisplayName = "Cost", 
    Id = new Guid("70420D11-3D40-4B53-AAF4-21B57D51C033"), 
    AddToDefaultView = true, 
    Group = "Lookups", 
    Required = true, 
    InternalName = "Cost" 
  }; 

 cost = orderList.CreateField(orderCost, true); 
 ctx.Load(cost); 
 }

This is the section where the AddDependentLookup method is being used. First I need to create the lookup column from the Customers list to the Orders list. If it already exists I need to load this column as I require the Field when I call the AddDependentLookup method. Once this is created, I will check to see if the dependency column has already been added. Unfortunately when it gets added, you don’t have control over what the GUID of the column will be. Therefore you will need to check by internal name. This name will be the title of the column that you give it encoded the way SharePoint encodes spaces, punctuation etc. If the column doesn’t exist it is then added to the Order list using the AddDependentLookup method passing in the column display name, the lookupfield, and the internal name of the dependant column within the customer list.

FieldLookup customerLookupField = null; 
if (!orderList.FieldExistsById("FE9ED460-02E7-4124-A4F0-BFE5A3DDA4D0")) 
{ 
  FieldCreationInformation customerLookup = new FieldCreationInformation(FieldType.Lookup) { 
       DisplayName = "Customer", 
       Id = new Guid("FE9ED460-02E7-4124-A4F0-BFE5A3DDA4D0"), 
       Group = "Lookups",
       Required = true, 
       AddToDefaultView = true, 
       InternalName = "CustomerLookup" 
 }; 
  customerLookupField = ctx.CastTo<FieldLookup>(orderList.CreateField(customerLookup, false)); 
  customerLookupField.LookupList = customerList.Id.ToString(); 
  customerLookupField.LookupField = "Title"; 
  customerLookupField.Update(); 
  ctx.ExecuteQueryRetry(); 
} 
else 
{ 
  customerLookupField = ctx.CastTo<FieldLookup>(orderList.Fields.GetById(new Guid("FE9ED460-02E7-4124-A4F0-BFE5A3DDA4D0"))); 
  ctx.Load(customerLookupField); 
  ctx.ExecuteQueryRetry(); 
 } 
 
 //Add Dependency fields. AccountID, DateJoined 
 Field accountDependency = null; 
 if (!orderList.FieldExistsByName("Cust_x002e__x0020_Account")) 
 {
   accountDependency = orderList.Fields.AddDependentLookup("Cust. Account", customerLookupField, "AccountID"); 
   ctx.Load(accountDependency); 
 } 
  Field dateJoinedDependency = null; 
  if (!orderList.FieldExistsByName("Cust_x002e__x0020_Joined")) 
  { 
    dateJoinedDependency = orderList.Fields.AddDependentLookup("Cust. Joined", customerLookupField, "DateJoined"); 
  ctx.Load(dateJoinedDependency); 
  } 
  ctx.ExecuteQueryRetry();

After deploying my app, and loading it up, I am able to create the lookup lists.

Customer List

Creating a new Order

Orders List

Reference

https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.client.fieldcollection.adddependentlookup.aspx

Link to Visual Studio Project

http://1drv.ms/1WWzyoi

AMS – App Model Samples

Posted on March 3, 2014 by cann0nf0dder

A good set of examples of Apps have been released by Microsoft. They can be found on CodePlex. Most will work on 365 and on Prem.

Quick list of included scenarios.

Cloud base site collection provisioning
Creating site collections remotely using SP Apps in on-premises
Provision and integrate Yammer group into site provisioning
Manage and update theme settings in host web
Changing host web rendering with custom CSS
Site policy management with CSOM
Wiki page manipulation using CSOM
Site collection enumeration
Setting up Apps to Windows Azure with specific roles
People picker implementation for provider hosted app
Taxonomy picker implementation for provider hosted app
Utilization of JavaScript injection pattern to modify the UI for end users
Uploading of large files to SharePoint
Deploy branding to personal OneDrive Pro sites automatically
Connect to and manipulate Office365 sites using console application
Provide custom template pattern for sub site creation
Manipulation of user profile properties remotely
Build sync of user profile properties in cloud
Taxonomy driven navigation control using JavaScript
Mass deployment of branding elements from console app
Hybrid self-service site collection provisioning – one UI for cloud and on-prem
Synchronization of user profile pictures from on-prem to SharePoint Online
Dynamic permission handling
Remote event receivers from host web

https://officeams.codeplex.com/

Cross Domain and SharePoint Hosted Apps using CSOM

Posted on April 20, 2013 by cann0nf0dder

Continuing on from last week blog post on Cross Domain and SharePoint Hosted Apps using REST, today I’m going to show you how to do the same Cross Domain calls but by using CSOM.

If you remember the 2 different calls I made in my project were a call back to the host domain to retrieve the title, and to retrieve all the lists in the host web. Here I’m going to extend that project and include two additional buttons that are going to do exactly the same thing, but using CSOM.

Below is a screen shot where we last left off.

If you were following along, open the solution from last week, and let us continue.

Open the Default.aspx page. Here we will add the two buttons to the relevant sections. Under the last button with the id=”btnStandardRestGetTitle” but before the </div> lets add the button to get Title via CSOM.

<span><input type="button" id="btnCSOMGetTitle" value="Get Title via CSOM" onclick="getTitleCSOM()" /></span>

While we are in the Default.aspx page, let us add the button to get the lists via CSOM as well. Under the last button with the id=”btnStandardRestGetLists” but before the </div> lets add the button to get Lists via CSOM.

<span><input type="button" id="btnCSOMGetLists" value="Get Lists via CSOM" onclick="getListsCSOM()" /></span>

Open up your App.js file. Let us add the two click event handlers for the buttons we just placed on default.aspx

/*Button Click Get CSOM*/
function getTitleCSOM() {
    execCSOMTitleRequest();
}
/*button Click Get List CSOM*/
function getListsCSOM() { execCSOMListRequest();}

Lastly we are going to add the two functions that returns the title and Lists, with their corresponding Success and Fail handlers.

/*********************************CSOM*****************************************************/
//CSOM Cross Domain call to obtain HostWeb Title
function execCSOMTitleRequest() {
    var context;
    var factory;
    var appContextSite;
    var collList;
    //Get the client context of the AppWebUrl
    context = new SP.ClientContext(appwebUrl);
    //Get the ProxyWebRequestExecutorFactory
    factory = new SP.ProxyWebRequestExecutorFactory(appwebUrl);
    //Assign the factory to the client context.
    context.set_webRequestExecutorFactory(factory);
    //Get the app context of the Host Web using the client context of the Application.
    appContextSite = new SP.AppContextSite(context, hostwebUrl);
    //Get the Web
    this.web = appContextSite.get_web();
    //Load Web.
    context.load(this.web);
    context.executeQueryAsync(
        Function.createDelegate(this, successTitleHandlerCSOM),
        Function.createDelegate(this, errorTitleHandlerCSOM)
        );
    //success Title
    function successTitleHandlerCSOM(data) {
        $('#lblResultTitle').html("<b>Via CSOM the title is:</b> " + this.web.get_title());
    }
    //Error Title
    function errorTitleHandlerCSOM(data, errorCode, errorMessage) {
        $('#lblResultLists').html("Could not complete CSOM call: " + errorMessage);
    }
}
//CSOM Cross domain call to obtain HostWeb Lists
function execCSOMListRequest(){
    var context;
    var factory;
    var appContextSite;
    var collList;
    //Get the client context of the AppWebUrl
    context = new SP.ClientContext(appwebUrl);
    //Get the ProxyWebRequestExecutorFactory
    factory = new SP.ProxyWebRequestExecutorFactory(appwebUrl);
    //Assign the factory to the client context.
    context.set_webRequestExecutorFactory(factory);
    //Get the app context of the Host Web using the client context of the Application.
    appContextSite = new SP.AppContextSite(context, hostwebUrl);
    //Get the Web
    this.web = appContextSite.get_web();
    // Get the Web lists.
    collList = this.web.get_lists();
    //Load Lists.
    context.load(collList);
    context.executeQueryAsync(
        Function.createDelegate(this, successListHandlerCSOM),
        Function.createDelegate(this, errorListHandlerCSOM)
        );
    //Success Lists
    function successListHandlerCSOM() {
            var listEnumerator = collList.getEnumerator();
            $('#lblResultLists').html("<b>Via CSOM the lists are:</b><br/>");
        while (listEnumerator.moveNext()) {
            var oList = listEnumerator.get_current();
            $('#lblResultLists').append(oList.get_title() + " (" + oList.get_itemCount() + ")<br/>");
        }
    }
    //Error Lists
    function errorListHandlerCSOM(data, errorCode, errorMessage) {
        $('#lblResultLists').html("Could not complete CSOM Call: " + errorMessage);
    }
};

If we now run out solution, you should see all three ways of obtaining the title and lists from the host.

By clicking Get Title via CSOM this will return the title “Cannonfodder Development” in my case, exactly the same result as if we tried via REST.

By clicking Get Lists via CSOM this will return all the lists from my host Cannonfodder development, exactly the same list as if we tried via REST.

I hope these two blogs gave you a basic understanding of the different ways you can interact with the host in SharePoint 2013.

Cross Domain and SharePoint Hosted Apps using REST

Posted on April 14, 2013 by cann0nf0dder

When building SharePoint Apps, because they sit in a different Domain to your SharePoint website there are “blocking mechanisms” that prevents it from retrieving data from the SharePoint website. To be able to communicate, you will need to use the Cross Domain library. The cross domain library is a JavaScript file known as SP.RequesterExecutor.js, which is referenced by the SharePoint app, and hosted in the SharePoint website. You can find the SP.RequesterExecutor.js file under the “_layouts/15/” directory.

In SharePoint 2013, REST (Representational State Transfer) is a great way of communicating with SharePoint websites. You can test out REST directly in the browser. For example, in your browser type:

http://<site>/_api/web/?$select=Title

In the above REST call, I have requested the Web and got the Title only. If I didn’t add $select=Title I would have retrieved all information about dev.cannonfodder.local web. For more information on to how to use REST it can be found at the following Microsoft website http://msdn.microsoft.com/en-gb/library/fp142385.aspx

Cannot see feeds?

If when you did the above REST query you didn’t see the XML feed, but received the following message, just follow these steps.

Access Internet Options. Then on the Content tab, click Settings.
In the Feed and Web Slice Settings untick Turn on feed reading view. Click OK, OK and then refresh your browser with the REST query in it. You should now be seeing the data similar to my initial screenshot.

Cross Domain project

I’m going to walk you through building a SharePoint Hosted App, that will make 2 different Cross Domain calls. One will obtain the Title of the Host website, and the second will obtain all the lists in the host site.

Open Visual Studio and create a new App for SharePoint 2013 project.
Point it to your development site, and set the hosting to SharePoint Hosted.
First open the AppManifest.xml file, and on the Permission tab, give the scope of Web the permission of Read.

On your default.aspx page, within the PlaceHolderMain ContentPlaceHolder put the following.

<div>
<h2>Please select a way to bring back the title from the host web:</h2>
</div>
<div><input id="btnCrossDomainGetTitle" onclick="getTitleXd()" type="button" value="Get Title via REST Cross Domain" /></div>
<div>
<h2>Please select a way to bring back all lists in the host web:</h2>
</div>
<div><input id="btnCrossDomainGetLists" onclick="getListsXd()" type="button" value="Get Lists via REST Cross Domain" /></div>

Now switch to the App.js file.

First thing we need to do is set up the page to load the SP.RequestExecutor.js script. We also need to obtain the SPHostUrl.

//global variables.
var hostwebUrl
var appwebUrl;
var web;
// This code runs when the DOM is ready and creates a context object which is needed to use the SharePoint object model
/*Get the page ready*/
$(document).ready(function () {
    hostwebUrl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));
    appwebUrl = decodeURIComponent(getQueryStringParameter("SPAppWebUrl"));
    var scriptbase = hostwebUrl + "/_layouts/15/";
    $.getScript(scriptbase + "SP.RequestExecutor.js");
});
function getQueryStringParameter(paramToRetrieve) {
    var params = document.URL.split("?")[1].split("&");
    var strParams = "";
    for (var i = 0; i &amp;lt; params.length; i = i + 1) {
        var singleParam = params[i].split("=");
        if (singleParam[0] == paramToRetrieve)
            return singleParam[1];
    }
}

Now we need to add the button click handler, and the code to call and display the Title.

/*Button Click Get Title Cross Domain*/
function getTitleXd() {
     execCrossDomainTitleRequest();
}
//Cross Domain Call to obtain HostWeb Title.
function execCrossDomainTitleRequest() {
    var executor;
    executor = new SP.RequestExecutor(appwebUrl);
    var url = appwebUrl + "/_api/SP.AppContextSite(@target)/web/Title?@target='" + hostwebUrl + "'";
    executor.executeAsync({
        url: url,
        method: "GET",
        headers: { "Accept": "application/json; odata=verbose" },
        success: successTitleHandlerXD,
        error: errorTitleHandlerXD
    }
    );
}
//Success Title
function successTitleHandlerXD(data) {
    var jsonObject = JSON.parse(data.body);
    $('#lblResultTitle').html"<b>Via Cross Domain the title is:</b> " + jsonObject.d.Title);
}
//Error with Title.
function errorTitleHandlerXD(data, errorCode, errorMessage) {
    $('#lblResultTitle').html("Could not complete cross-domain call: " + errorMessage);
}

Now let’s add the button click handler and the code to display the lists from the host web.

/*Button Click Get Lists Cross Domain*/
function getListsXd() { execCrossDomainListRequest(); }
//Cross Domain Call to obtain Host Web Lists
function execCrossDomainListRequest() {
    var executor;
    executor = new SP.RequestExecutor(appwebUrl);
    var url = appwebUrl + "/_api/SP.AppContextSite(@target)/web/lists?@target='" + hostwebUrl + "'";
    executor.executeAsync({
        url: url,
        method: "GET",
        headers: {"Accept" : "application/json; odata=verbose"},
        success: successListHandlerXD,
        error: errorListHandlerXD
    });
}
//Success Lists
function successListHandlerXD(data){
    var jsonObject = JSON.parse(data.body);
    //Get LIsts
    var lists = jsonObject.d.results;
    $('#lblResultLists').html("<"b>Via Cross Domain the lists are:</b>");
    //Loop through each item adding to the label.
    var listsHtml = $.each(lists, function(index, list){
        $('#lblResultLists').append(list.Title + " (" + list.ItemCount + ")
");
    });
}
//Error Lists
function errorListHandlerXD(data, errorCode, errorMessage){
    $('#lblResultLists').html("Could not complete cross-domain call: " + errorMessage);
}

Now let’s run the app and see it working.

Cross domain call without using SP.RequestExecutor.js

Now during my learning journey of Cross Domain, I discovered that I can still call into my host site, using a REST URL based on the App web URL. I don’t believe this is a supported way, as I haven’t found anything on Microsoft sites that confirm this, however I have got this working On-Prem and Autohosted in 365.

Back on our app, open up the Default.aspx file again.
Add the two following buttons, put the btnStandardRestGetTitle after the btnCrossDomainGetTitle button, but before the </div>. And put the btnStandardRestGetLists after the btnCrossDomainGetLists, but before the </div>


<input id="btnStandardRestGetTitle" onclick="getTitle()" type="button" value="Get Title standard REST" />

<input id="btnStandardRestGetLists" onclick="getLists()" type="button" value="Get Lists standard REST" />

Back in the App.js file. First we need to add a function that gets the actual path of the application Url.

//Obtains the path upto the actual application. E.g. http://app123.app.code/SubSite/CrossDomainApp
//gets http://app123.app.com/SubSite
function getUrlPath() {
    var webRel = _spPageContextInfo.webAbsoluteUrl;
    var lastIndex = webRel.lastIndexOf('/');
    var urlpath = webRel.substring(0, lastIndex);
    return urlpath;
}

Now we need to add the button click handler, and the code to call and display the Title.

/*Button Click Get Title Rest*/
function getTitle() {
    execRESTTitleRequest();
}
//REST Call to obtain HostWeb Title
function execRESTTitleRequest() {
    var url = getUrlPath() + "/_api/web/?$select=Title";
    $.ajax({
        url: url,
        method: "GET",
        headers: { "Accept": "application/json; odata=verbose" },
        success: successTitleHandler,
        error: errorTitleHandler
    });
}
//Success Title
function successTitleHandler(data) {
    $('#lblResultTitle').html("<b>Via REST the title is:</b>" + data.d.Title);
}
//Error Title
function errorTitleHandler(data, errorCode, errorMessage) {
    $('#lblResultTitle').html("Could not complete REST call: " + errorMessage);
}

Now let’s add the button click handler and the code to display the lists from the host web.

/*Button Click Get List Rest*/
function getLists() { execRESTListRequest(); }
//REST Call to obtain HostWeb Lists
function execRESTListRequest() {
    var url = getUrlPath() + "/_api/web/Lists";
    $.ajax({
        url: url,
        method: "GET",
        headers: { "Accept": "application/json; odata=verbose" },
        success: successListHandler,
        error: errorListHandler
    });
}
//Success List
function successListHandler(data) {
    var lists = data.d.results;
    $('#lblResultLists').html("<b>Via REST the lists are:</b><br/>");
    var listsHtml = $.each(lists, function (index, list) {
        $('#lblResultLists').append(list.Title + " (" + list.ItemCount + ")<br/>");
    });
}
//Error Lists
function errorListHandler(data, errorCode, errorMessage) {
    $('#lblResultLists').html("Could not complete REST call: " + errorMessage);
}

Now let’s run the App

You have learnt two ways of doing a Cross Domain call using REST. One way is the correct way recommend by Microsoft. The other way is a way I found, but I’m unsure if this is a valid way. It works and sometimes that’s all that matters.

Error with Ribbon Buttons and redeploying SharePoint 2013 Apps

Posted on April 11, 2013 by cann0nf0dder

While doing a SharePoint hosted app, I wanted to add a button to the ribbon in the host web, that when clicked it would take me to the App, and pass in some tokens. Creating buttons for the ribbon in Visual Studio 2012 is a lot nicer now. You just add a new item and select “Ribbon Custom Action” from the Add New Item dialog. This takes you through a wizard to create the button.

After you have created your wizard, you will get the Elements.xml file that you used to have to hand crank yourself in Visual Studio 2010 and SharePoint 2010.

You will have noticed in the XML I have changed the CommandAction from “~appWebUrl/Pages/Default.aspx?” to “~appWebUrl/Pages/Default.aspx?{StandardTokens}&SelectedList={SelectedListId}&SelectedItems={SelectedItemId}”. This is so when I click the button on the List in the host web, it will redirect to the app and pass in the List ID and any selected items ID from the list. Full list of string tokens can be found on MSDN http://msdn.microsoft.com/en-us/library/jj163816.aspx . I deployed my app, went to an Announcement list, selected 2 items, clicked the Demo Ribbon button, and it redirected me to the app, and I could see in my URL the ID for the List, and ID’s of the two selected items.

I retracted the app by stopping debugging in Visual Studio. Now I proved my button worked, I wanted to update the JavaScript in App.js to handle my List ID and Selected Item ID’s. I made some changes to the App.js and redeployed my App again. I navigated to the Announcement list again, selected some items and click the button again. But then…

The JavaScript wasn’t even being hit, so what was going on? It wasn’t until I changed the CommandAction in the button’s element.xml back to the default ~appWebUrl/Pages/Default.aspx?{StandardTokens}, run the app again, and got the exact same message that made me realise that the button is cached in the browser. When you first deploy it to SharePoint, the ~appWebUrl is converted to the actual App Web URL. The next time you redeploy your app, the URL is a different address, but the details about the button are cached pointing to the old URL. Annoyingly the only way to fix, is to clear the cache in IE before each deployment.

Go to Internet Options > General > Browsing History > Delete… select Temporary Internet files and website files and click delete.
Close all IE Browsers and then re deploy your app. Your button will now work again.

Accessing Taxonomy Term Store with JSOM

Posted on April 9, 2013 by cann0nf0dder

This blog will show you how to access the Taxonomy Term Store, how to iterate through all the items. How to add a Group, TermSet and Term, and lastly how to delete them. The Taxonomy Term store can be accessed in a SharePoint App, with permission scope of Taxonomy. If you wish to make changes to the Taxonomy Term Store then you will need to ensure to give Write permission. To be able to use the JSOM API for Taxonomy you need to reference SP.Taxonomy.js found in _layouts/15/ the best way to reference this would be in the document ready.


$(document).ready(function () {

var scriptbase = _spPageContextInfo.webServerRelativeUrl + "/_layouts/15/";

$.getScript(scriptbase + "SP.Runtime.js",

function () {

$.getScript(scriptbase + "SP.js", function () {

$.getScript(scriptbase + "SP.Taxonomy.js", function () {

context = SP.ClientContext.get_current();

//Call your code here.

getTermStores();

});

});

});

});

Reading from Taxonomy

Obtaining All the Term Stores.

Typically there is only one term store per web application, but there is always a chance there is more than one. You can get the term store by name if you know it.


function getTermStores() {

    session = SP.Taxonomy.TaxonomySession.getTaxonomySession(context);

    termStores = session.get_termStores();

    context.load(session);

    context.load(termStores);

    context.executeQueryAsync(

function(){

termStoresEnum = termStores.getEnumerator();

      var termStores = "Term Stores: /n";

      while (termStoresEnum.moveNext()) {

        var currentTermStore = termStoresEnum.get_current();

        var termStoreID = currentTermStore.get_id();

        var termStoreName = currentTermStore.get_name();

termStores += "Name: " + termStoreName + " ID:" + termStoreID;

}


}, function(){

//failure loading termstores.

});

}

Get the default TermStore

There is also a method to .getDefaultSiteCollectionTermStore(). See my post getDefaultSiteCollectionTermStore() – JavaScript runtime error: Unable to get property ‘toString’ of undefined or null reference if you get a JavaScript error if you try to access any properties after a successful callback.


function defaultTermStore() {

session = SP.Taxonomy.TaxonomySession.getTaxonomySession(context);

termStore = session.getDefaultSiteCollectionTermStore();

context.load(session);

context.load(termStore);

context.executeQueryAsync(successDefaultTermStore, failedListTaxonomySession);

}

Obtaining all the groups for a TermStore

To retrieve all the groups from within a Term Store, you need to have the Term Store ID. You can get any Group by knowing the ID using termStore.getGroup().


function showGroups(termStoreId) {

var termStoresEnum = termStores.getEnumerator();

//Loop through termstores.

while (termStoresEnum.moveNext()) {

var currentTermStore = termStoresEnum.get_current();

//If match load the TermStore.

if (currentTermStore.get_id().toString() == termStoreId.toString()) {

context.load(currentTermStore);

context.executeQueryAsync(

function () {

//Get Groups and load them.

groups = currentTermStore.get_groups();

context.load(groups);

context.executeQueryAsync(

function () {

var groupList = "Groups: \n";

var groupsEnum = groups.getEnumerator();

//Loop through each group.

while (groupsEnum.moveNext()) {

var currentGroup = groupsEnum.get_current();

var groupName = currentGroup.get_name();

var groupId = currentGroup.get_id();

groupList += groupName + ": " + groupId + "\n";

}

alert(groupList);

}, function () {

//failure loading groups

});

}, function () {

//failure loading termStore

});

break;

}

}

}

Obtaining all the TermSets for a Group

To retrieve all the term sets from within a Group, you need to have the Group ID. You can get any TermSet by knowing the ID using termStore.getTermSet(<GUID>).


function showTermSets(groupId) {

//we need to load and populate the matching group first, or the term sets that it contains will be inaccessible to our code.

var groupEnum = groups.getEnumerator();

while (groupEnum.moveNext()) {

var currentGroup = groupEnum.get_current();

if (currentGroup.get_id() == groupId) {

context.load(currentGroup);

context.executeQueryAsync(

function(){

//Get Term Sets and load them.

var termSets = currentGroup.get_termSets();

context.load(termSets);

context.executeQueryAsync(

function(){

var termSetEnum = termSets.getEnumerator();

var termSetList = "Term Sets: \n"

while(termSetEnum.moveNext()){

var currentTermSet = termSetEnum.get_current();

var termSetName = currentTermSet.get_name();

var termSetId = currentTermSet.get_id();

termSetList += termSetName + ": " + termSetId + "\n";

}

alert(termSetList);

},

function(){

//Failure loading Term Sets

});

},

function () {

//Failure loading Group.

});

break;

}

}

}

Obtaining all the Terms for a group.

Terms are not as easy to grab, due to the fact that each Term can have a child term, and them terms have children themselves. Therefore in the following code we need a recursive method to ensure we loop through. You can get any Term (from any level) of a Term Set by knowing the ID using termSet.getTerm(<GUID>).


var termsList = "Terms: \n"

function showTerms(termSetId) {

//We need to load and populat the matching Term Set first.

var termSetEnum = termSets.getEnumerator();

while (termSetEnum.moveNext()) {

var currentTermSet = termSetEnum.get_current();

if (currentTermSet.get_id() == termSetId) {

//If termSet Matches, then get all terms.

context.load(currentTermSet);

context.executeQueryAsync(

function () {

//Load terms

var terms = currentTermSet.get_terms();

context.load(terms);

context.executeQueryAsync(

function () {

var termsEnum = terms.getEnumerator();

while (termsEnum.moveNext()) {

var currentTerm = termsEnum.get_current();

var termName = currentTerm.get_name();

var termId = currentTerm.get_id();

termsList += termName + ": " + termId;


//Check if term has child terms

if (currentTerm.get_termsCount() > 0) {

//Term has sub terms.

recursiveTerms(currentTerm, 1);

}

alert(termList);

}

},

function () {

//failure to load terms.

});

},

function () {

//failure to load current term set

});

break;

}

}

}

function recursiveTerms(currentTerm, nestedLoop) {

//Loop count for formatting purpose.

var loop = nestedLoop + 1;

//Get Term child terms

var terms = currentTerm.get_terms();

context.load(terms);

context.executeQueryAsync(

function () {

var termsEnum = terms.getEnumerator();

while (termsEnum.moveNext()) {

var newCurrentTerm = termsEnum.get_current();

var termName = newCurrentTerm.get_name();

termId = newCurrentTerm.get_id();


//Tab Out format.

for (var i = 0; i < loop; i++) {

termsList += "\t";

}

termsList += termName + ": " + termId;

//Check if term has child terms.

if (currentTerm.get_termsCount() > 0) {

//Term has sub terms.

recursiveTerms(newCurrentTerm, loop);

}

}

},

function () {

//failure to load terms

});

}

Adding to Taxonomy

Adding a Group to the Term Store.

As long as you have the Term Store ID, this is very simple piece of code.


function addGroup(termStoreId) {

var groupName = "My New Group"

var newGuid = new SP.Guid.newGuid();


var termStore = termStores.getById(termStoreId);

var newGroup = termStore.createGroup(groupName, newGuid.toString());

context.load(newGroup);

context.executeQueryAsync(function () {

//success

},

function () {

//failed

});

}

Adding a Term Set to a Group.

You will need the ID to both the Term Store and the Group to perform this function.


function addTermSet(termStoreId, groupId) {

var termSetName = "New TermSet Name"

var newGuid = new SP.Guid.newGuid();


var termStore = termStores.getById(termStoreId);

var group = termStore.getGroup(groupId);

var newTermSet = group.createTermSet(termSetName, newGuid.toString(), 1033);


context.load(newTermSet);

context.executeQueryAsync(function () {

//success

},

function () {

//failed

});

}

Adding a Term to a Term Set.

You will need the ID to both the Term Store and the Term Set to perform this function.


function addTerm(termStoreId, termSetId) {

var termName = "My New Term"

var newGuid = new SP.Guid.newGuid();


var termStore = termStores.getById(termStoreId);

var termSet = termStore.getTermSet(termSetId);

var newTerm = termSet.createTerm(termName, 1033, newGuid.toString());


context.load(newTerm);

context.executeQueryAsync(function () {

//Success

},

function () {

//failed

});

}

Adding a Child Term to a Term.

To add a child term, you need to be aware of the Parent Term ID, as well as the Term Store ID and Term Set it belongs to.


function addSubTerm(termStoreId, termSetId, parentTermId) {

var termName = "My Child Term"

var newGuid = new SP.Guid.newGuid();


var termStore = termStores.getById(termStoreId);

var termSet = termStore.getTermSet(termSetId);

var parentTerm = termSet.getTerm(parentTermId);


var newTerm = parentTerm.createTerm(termName, 1033, newGuid.toString());


context.load(newTerm);

context.executeQueryAsync(function () {

//Success

},

function () {

//failed

});

}

Deleting from Taxonomy

Removing Group from Term Store.

With the ID of the Term Store and Group you can successfully delete a group from a Term Store. However, you can only delete a group if there are no term sets within it. Trying so will cause the error “The group has one or more term sets and cannot be deleted. Move or delete all term sets from the group before deleting the Group.” In my example code below I haven’t tested for this for simplicity.


function removeGroup(termStoreId, groupId) {

var termStore = termStores.getById(termStoreId);

var group = termStore.getGroup(groupId);

group.deleteObject();

context.executeQueryAsync(function () {

//success

},

function () {

//failed.

});

}

Removing Term Set from Group.

Needing 3 IDs. Term Store, Group and Term Set you can delete Term Set from the group. If there are terms these will also be deleted, and if they were used within your site they will become orphaned. It might be a good idea to present this warning to your users before allowing the deletion. In my example below I haven’t given this warning for simplicity.


function removeTermSet(termStoreId, groupId, termSetId) {

var termStore = termStores.getById(termStoreId);

var termSet = termStore.getTermSet(termSetId);


termSet.deleteObject();

context.executeQueryAsync(function () {

//success

},

function () {

//failed

});

}

Removing Term from Term Set or Parent Term

This method will take care of deleting a Term from any level. Mainly because when you call getTerm(<GUID>) you do so from the Term Set. It doesn’t matter where it is in the term stack, it can be found. Requiring just Term Store, Term Set and Term IDs.


function removeTerm(termStoreId, termSetId, termId) {

var termStore = termStores.getById(termStoreId);

var termSet = termStore.getTermSet(termSetId);

var term = termSet.getTerm(termId);


term.deleteObject();

context.executeQueryAsync(function () {

//success

},

function () {

//failed.

});

}

Hopefully the above will give you enough to be able to manipulate/obtain information from the Term Store through a SharePoint App, or just by using JavaScript.

Building Your SharePoint 2013 development machine on Windows Server 2012 – Part 7 – Configuring Hosting Apps

Posted on December 16, 2012 by cann0nf0dder

UPDATE: SharePoint 2016 development machine

I am doing a collection of blog posts, you can access the other parts of this post below.

Part 1 – Introduction
Part 2 – Setting up and configuring Host Computer using Hyper V and a Wireless Network
Part 3 – Building a base disk to use for differencing disks.
- Installing Windows Server 2012
- Installing SQL 2012
- Installing Office 2013
- Installing Visual Studio
- Setting up the Menu
- Syspreping
Part 4 – Installing Active Directory
Part 5 – Configuring SQL 2012 ready for SharePoint 2013 and Kerberos.
Part 6 – Installing SharePoint 2013
Part 7 – Configuring Hosting Apps
Part 8 – Configuring My Sites and User Profiles
Part 9 – Configuring Workflow
Part 10 – Setting up Visual Studio

In this blog I will talk about setting up your environment for Hosting Apps. The best blog I have found out there is by Mirjam (SharePointChick). The first attempt I did at setting up an App Host I used Mirjam blog to help me.

There are 3 choices here. Create a New Domain, a Subdomain or create a new wildcard so all requests for http://*.cannonfodder.local will be forwarded to our SharePoint machine. The last option is mentioned in Critical Path Training SharePoint 2013 Virtual Machine Setup on Windows Server 2008 R2, and is a perfectly valid option for single development machine. As you only have one machine, all requests can go to it. This step by step guide I’m doing also is a single machine, however I don’t know if in the future if I will create another machine in my domain, maybe an exchange server, even an Office Web App server. Also by creating a separate domain helps prevent cross-site scripting between apps and SharePoint sites. Therefore my instructions are following Mirjam’s blog, and creating a new Domain.

Configuring Hosting Apps

First we need to configure DNS.

From the Start Menu, type DNS, and open the application.
In the Left Hand panel, right click Forward Lookup Zones and select New Zone… Click Next
Keep the Primary zone selected and Store the zone in Active Directory ticked. Click Next >
Leave the option To all DNS servers running on domain controllers in this domain: cannonfodder.local. Click Next >
Here you enter the domain name, type cfapps.com. Click Next >.
Leave the top option selected and click Next >
Click Finish. You will see your new domain showing in the Forward Lookup Zones in DNS.
Now right click on cfapps.com and select New Host (A or AAAA)…
Type * for Name
Set the IP address as the IP Address of the server. In my case 192.168.137.99

As Mirjam states in her blog, if you are using more than one server in a Network Load Balance environment, point the DNS record of the primary cluster address for the NLB environment.

Now if you open a command window and type in nslookup something.cfapps.com it will resolve to your server.

While we are here, we should also create the Hosts for two sites we will be creating later.
1. Still with DNS Manager in the left panel, right click cannonfodder.local within the Forward Lookup Zones and right click to create a New
  host (A or AAAA)…
2. Type Dev in the Name, and set the IP address to the IP address of the server. In my case 192.168.137.99. Click Add Host.
3. Repeat steps 1 and 2, but type Intranet in the name, and set the IP Addess to 192.168.137.99
4. Within the Command prompt, type ipconfig /flushdns.
5. While you are in the Command prompt, we should also set up the Kerberos for the sites. Type the following
  setspn –S HTTP/cannonfodder.local cannonfodder\SP_Content
  setspn –S HTTP/dev.cannonfodder.local cannonfodder\SP_Content
  setspn –S HTTP/intranet.cannonfodder.local cannonfodder\SP_Content

Configuring SharePoint Server 2013 for Host-Named Site Collection and create Initial Site Collections.

Here we are going to create Host Named Site Collection (HNSC) for testing and hosting our apps. Microsoft recommends this, and more can be found out directly from the technet article: http://technet.microsoft.com/en-us/library/cc424952.aspx . The only way you can create HNSC is via powershell. So this is what we are going to do, after we have removed the original Web Application created when SharePoint Wizard was run. It is also using the wrong service account of SP_Services. We also need to register SP_Content as a manage account.

Register SP_Content

From the Start menu, type Central Administration and open the link.
Select Security > Configure managed Accounts.
Click Register Managed Account
Type UserName as cannonfodder\SP_Content and the password as Pa55w0rd. Then click OK.

Create a new Web Application

Select Application Management > Mange Web Applications.
Select the Web Application SharePoint – 80 the URL of this is http://cannonfodderser/
On the Ribbon, click Delete. A dialog will appear, say Yes to both Delete content databases and Delete IIS web sites. Then click Delete. Click OK to the warning.
In the ribbon click on New.
In the Create New Web Application dialog leave Create a new IIS web site selected and type the name as SharePoint HNSC Host, leave the port as 80.
For simplicity in finding the Web Applications, I put the path on a different drive. D:\VirtualDirectory\HNSC
Under Claims Authentication Types set the Intergrated Windows Authentication to Negotiate (Kerberos)
Under Application Pool, select Create new application pool, and set the name as SPContent App Pool, select Configurable radio button and select Cann0nf0dder\SP_Content.
Under Database Name and Authentication set the Database Name to SP_DEV_HNSC.
Scroll down to the bottom and click OK.
When SharePoint asks you create a Site Collection, just click OK, as we are going to create the Site Collection by Powershell.

Creating the Site Collections.

Here we are going to create a TeamSite called Intranet.cannonfodder.local and a Developer Site called dev.cannonfodder.local. Please note you can only create, debug and test apps using a developer site. You could type the Powershell into notepad, save the file as a PS1 and run it from the SharePoint 2013 Management Shell, instead of typing each row directly into the SharePoint 2013 Management Shell.

From the Start Menu, type SharePoint 2013 Management Shell, and open the application.

Type

$hnsc = Get-SPWebApplication | Where-Object {$_.DisplayName –eq &quot;SharePoint HNSC Host&quot;}
New-SPSite –Name &quot;Root HNSC Site Collection&quot; –Url http://cannonfodder.local –HostHeaderWebApplication $hnsc –OwnerAlias &quot;Cannonfodder\Administrator&quot;
New-SPSite –Name &quot;Cannonfodder Development&quot; –Url http://dev.cannonfodder.local –HostHeaderWebApplication $hnsc –Template &quot;DEV#0&quot; –OwnerAlias &quot;Cannonfodder\Administrator&quot;
New-SPSite –Name &quot;Cannonfodder Intranet&quot; –Url http://intranet.cannonfodder.local –HostHeaderWebApplication $hnsc –Template &quot;STS#0&quot; –OwnerAlias &quot;Cannonfodder\Administrator&quot;

Update Internet Explorer to Bypass the URL to log in automatically.

On the Start Menu, type Internet Explorer and open the application. (To avoid opening the Windows Server 2012 App version of Internet Explorer, right click on the icon and select Pin to task bar, then on the desktop you can click the link)
Click the Cog icon in the top right corner of the screen, and select Internet Options.
On the Security tab, select Local Intranet and click the Sites button.
Untick Automatically dectect intranet network.
Click the button Advanced and add the following entries to the exception list.
1. http://*.cannonfodder.local
2. http://*.cfapps.com
3. http://cannonfodderser
Click Close, Click OK.
Now click on Trusted sites, click sites and remove http://cannonfodderser from Trusted sites. (Need to do this because we enabled Kerberos on Central Administration, when Automatically Dectect intranet network was untick, I discovered the http://cannonfodderser was added to trusted sites, and unfortunately when the URL is in trusted sites, Kerberos ingrated authentication does not work.

Configuring SharePoint 2013 for Hosting Apps.

I would recommend to copy the following powershell script and run it as a ps1 file.

From the Start Menu, type SharePoint 2013 Management Shell.

Run the Script.

$appHostDomain = &quot;cfapps.com&quot;

$adminService = Get-Service -Name spadminv4

if ($adminService.Status -ne &quot;Running&quot;)
{
Start-Service $adminService
}

$timerService = Get-Service -Name sptimerv4
if ($timerService.Status -ne &quot;Running&quot;)
{
Start-Service $timerService
}

Set-SPAppDomain $appHostDomain

$appMgmtSvcInstance = Get-SPServiceInstance | Where-Object { $_.GetType().Name -eq &quot;AppManagementServiceInstance&quot; }

if ($appMgmtSvcInstance.Status -ne &quot;Online&quot;)
{
Start-SPServiceInstance -Identity $appMgmtSvcInstance
}

$appSubSettingSvcInstance = Get-SPServiceInstance | Where-Object { $_.GetType().Name -eq &quot;SPSubscriptionSettingsServiceInstance&quot;}

if ($appSubSettingSvcInstance.Status -ne &quot;Online&quot;)
{
Start-SPServiceInstance -Identity $appSubSettingSvcInstance
}

$appPoolSvcApps = Get-SPServiceApplicationPool -Identity &quot;SharePoint Web Services Default&quot;

$appSubSvc = New-SPSubscriptionSettingsServiceApplication –ApplicationPool $appPoolSvcApps –Name &quot;Settings Service Application&quot; –DatabaseName SP_SettingsServiceDB

$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy –ServiceApplication $appSubSvc

$appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolSvcApps -Name &quot;App Management Service Application&quot; -DatabaseName SP_AppServiceDB

$proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc

Set-SPAppSiteSubscriptionName -Name &quot;app&quot; -Confirm:$false

To verify the script configured SharePoint 2013 correctly Open Central Administration.
1. Under Application Management click Manage Service Applications.
2. You should have two new service applications created.
  1. App Management Service Application
  2. Settings Service Application
3. Now navigate to System Settings by clicking the link on the left menu.
4. Under Servers click the link Manage Services on Server.
5. Check that the following services have started:
  1. App management service
  2. Microsoft SharePoint Foundation Subscription Settings Service.
6. On the left hand menu, click on Apps
7. Under App Management, click the link Configure App URLs
8. Verify that:
  1. App Domain: cfapps.com
  2. App Prefix: app

Your SharePoint server is now setup for apps. We will verify this in the next step.

Checking that Apps are now set up for your farm

Open up your intranet site. http://intranet.cannonfodder.local
At the top right of the screen Site Settings
from SharePoint 2010 has been moved from the left back to the right (like SharePoint 2007) but now is a cog icon.
Click the Cog Icon and select Add an App.
On the App page, click SharePoint Store.
First time you hit the page, you will get the error message that you need to select a language. In the top right select English (United States)
If you have connected up correctly you will now see Apps that you can download from the SharePoint Store.
Pick a free one to install. I’m picking myFAQ. Click on the Icon of the app.
You now have the option to ADD IT. Click Add It.
You will need to sign in with a Microsoft Account.
Click Continue. To confirm you wish to add the App. Take note of the URL here, you are no longer in your SharePoint site.
After you have click OK, your new app will start downloading, and you will be back in your site. The page will inform you that you have this app for everyone in your organization. Click Return to Site.
A prompt will appear, asking if you trust the application. Click Trust It.
After a moment you will be returned to your Site Contents. You will also note that your app that you downloaded is currently being added to your site.

Once completed the adding text will disappear.
Click on the App. It will load. Take note of the url. It is being called from the domain you created earlier cfapps.com. Congratulations you have got Apps working in your Development SharePoint 2013 machine.

Updating Client Secret

Connect to Azure-AD

Getting the Add-in as a Service Principal

Create a new Secret

Create Key Credentials and Password Credential for the App

Removing the original Key and Password Credential for the App

Connecting with AZ Cli Workaround

Full Script

Share this:

Configuring Hosting Apps

Configuring SharePoint 2016 for Hosting Apps

Configuring SharePoint Server 2013 for Host-Named Site Collection and create Initial Site Collections.

Register SP_Content

Create a new Web Application

Configuring the Alternative Access Mapping

Add certificates to IIS

Creating the Top level Site

Site Collections

To verify that the host-name site collections are created:

Configuring SSL for Apps

Add Apps to your Intranet Zone.

Checking that Apps are new set up for your farm

Share this:

Report on Client ID expiry dates.

Generate a new secret for another year.

Generate a new secret for 3 years.

Updating the remote web application using the new secret

Time to propagate Client Secret to SharePoint

Deleting expired client secrets

Share this:

What is a dependency column?

The Demo

Creating the Customer List

Reference

Link to Visual Studio Project

Share this:

Share this:

Share this:

Cannot see feeds?

Cross Domain project

Cross domain call without using SP.RequestExecutor.js

Share this:

Share this:

Reading from Taxonomy

Obtaining All the Term Stores.

Get the default TermStore

Obtaining all the groups for a TermStore

Obtaining all the TermSets for a Group

Obtaining all the Terms for a group.

Adding to Taxonomy

Adding a Group to the Term Store.

Adding a Term Set to a Group.

Adding a Term to a Term Set.

Adding a Child Term to a Term.

Deleting from Taxonomy

Removing Group from Term Store.

Removing Term Set from Group.

Removing Term from Term Set or Parent Term

Share this:

Configuring Hosting Apps

Configuring SharePoint Server 2013 for Host-Named Site Collection and create Initial Site Collections.

Configuring SharePoint 2013 for Hosting Apps.

Checking that Apps are now set up for your farm

Share this: