On-Premises Provider-hosted Apps – Part II


Part I – On-Premises Provider-hosted Apps – Creating a Task List and Fundamental Configurations

Part II – Creating a High Trust relationship between your Web Application and SharePoint 2013

To establish a trusted relationship between your Web Application and SharePoint, you must tell SharePoint that the website created in Part I is secure, so that it can be added to the App Catalog and communicate with the IFrame within the App Part of your Visual Studio project.

Task List

  1. Ensure that you have a non-“sharepoint\system” user, e.g. “DOMAIN\SP_Apps”
  2. Ensure that the user is a Site Collection Administrator in the App Catalog and in the target SharePoint site
  3. Ensure that the user of the IIS Application Pool for the App Catalog and the target SharePoint site has Full Control over the folder that holds the certificates
  4. Ensure that the GUID in the PowerShell command is in lowercase. Stupid? Yes, but otherwise you can run into issues

Creating the Full Trust

# Load the SharePoint snap-in if it is not already loaded
if ( (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null )
{
    Add-PsSnapin Microsoft.SharePoint.PowerShell
}
$CertPath = "C:\Certs\ProviderHostedApps.cer"
$CertName = "ProviderHostedApps"
#create certificate from cer file
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
# Make the certificate a trusted root authority in SharePoint
New-SPTrustedRootAuthority -Name $CertName -Certificate $certificate 
# Get the GUID of the authentication realm
$realm = Get-SPAuthenticationRealm
# Unique specific issuer ID: replace with your own GUID, in lowercase (see task 4)
$specificIssuerId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# Create full issuer ID in the required format
$fullIssuerIdentifier = $specificIssuerId + '@' + $realm 
Write-Host $fullIssuerIdentifier
$tokenIssuerName = "ProviderHostedApps Hi-Trust Apps " + $specificIssuerId
Write-Host $tokenIssuerName
# Register the token issuer
New-SPTrustedSecurityTokenIssuer -Name $tokenIssuerName -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
Write-Host "ProviderHostedApps Issuer ID:" $specificIssuerId
Write-Host "You're about to do a iisreset. Press any key to continue or CTRL+C to cancel."
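
The following check script is an added example, not part of the original post. It validates the task-list preconditions (lowercase GUID, readable certificate inside its validity period) and then confirms that the issuer and the root authority were registered with the same certificate. The GUID is a constructed sample value, and Test-IssuerId is a hypothetical helper name.

```powershell
# Added example: pre-flight and post-registration checks for the script above.
# $CertPath and $specificIssuerId mirror the script's variables.
if ((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$CertPath         = "C:\Certs\ProviderHostedApps.cer"
$specificIssuerId = "11111111-2222-3333-4444-555555555555"   # constructed sample value

function Test-IssuerId([string]$Id) {
    # Well-formed GUID and, per task 4, lowercase only (-cmatch is case-sensitive)
    return $Id -cmatch '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
}

if (-not (Test-IssuerId $specificIssuerId)) {
    throw "Issuer ID '$specificIssuerId' is not a lowercase GUID."
}
if (-not (Test-Path -LiteralPath $CertPath)) {
    throw "Certificate file not found: $CertPath"
}

$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
$now = Get-Date
if ($now -lt $certificate.NotBefore -or $now -gt $certificate.NotAfter) {
    throw "Certificate is outside its validity period ($($certificate.NotBefore) - $($certificate.NotAfter))."
}

$expectedIssuer = $specificIssuerId + '@' + (Get-SPAuthenticationRealm)

# After registration: the issuer must exist under the expected name and use the same certificate
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.RegisteredIssuerName -ceq $expectedIssuer }
if (-not $issuer) {
    Write-Warning "No trusted security token issuer registered as $expectedIssuer"
} elseif ($issuer.SigningCertificate.Thumbprint -ne $certificate.Thumbprint) {
    Write-Warning "Issuer '$($issuer.Name)' is bound to a different certificate."
} else {
    Write-Host "Issuer '$($issuer.Name)' matches $CertPath (thumbprint $($certificate.Thumbprint))."
}

# The certificate must also be a trusted root authority in the farm
$root = Get-SPTrustedRootAuthority | Where-Object { $_.Certificate.Thumbprint -eq $certificate.Thumbprint }
if (-not $root) { Write-Warning "Certificate is not registered as a trusted root authority." }
```

Run it once before the registration script (the two warnings are expected then) and again afterwards, when both should be gone.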

Now go to Central Administration

