About this topic there are several guides. I can't say that I have anything new to add 🙂 But… as always… this blog is a kind of notebook for me. So I post this small guide.
1. You need to have or create a certificate that is used as "security token issuer". This certificate can be created using IIS Manager or any other tool.
I use "XCA" (http://xca.sourceforge.net/). With that tool you can create your own Certification Authority. (Of course you can use the Windows Server Certification Authority.) – I use XCA because it's easy to manage this kind of certificate there and I use the certificates on several dev machines.
If you do the same, you need to create a root certificate for your Certification Authority and install it in the "Trusted Root Certification Authorities" store of your Local Computer (not only in your personal certificate store).
2. The first step is to register (or create) the certificate within IIS Manager:
Right-click on the server node and choose "Server Certificates".
Use "Import" to apply an existing certificate, or use "Create Self-Signed Certificate" to create a new certificate.
These are the steps to create a new self-signed certificate:
After committing ("OK") you need to export the certificate once with the private key and a second time without the private key.
3. Open Visual Studio 2012. Create a new project:
For "Issuer ID" you need to create a GUID using Visual Studio or PowerShell. Here is the PowerShell way:
Start PowerShell.
Enter:
[guid]::newguid().tostring().tolower()
Copy the output into the dialog in Visual Studio 2012.
4. Open Windows PowerShell ISE, create a new PowerShell script file and copy the following code into it. Most of the code comes from here: http://msdn.microsoft.com/en-us/library/fp179901.aspx. With some additions from Steve Peschka's blog articles: http://blogs.technet.com/b/speschka/archive/2012/09/27/another-apps-for-sharepoint-tip-with-the-error-quot-the-issuer-of-the-token-is-not-a-trusted-issuer-quot.aspx and http://blogs.technet.com/b/speschka/archive/2012/11/01/more-troubleshooting-tips-for-high-trust-apps-on-sharepoint-2013.aspx.
###http://msdn.microsoft.com/en-us/library/fp179901.aspx
# Path to the exported certificate WITHOUT private key (the public part is all SharePoint needs)
$publicCertPath = "C:\root\High_Trust_App_1.cer"
#$issuerId = [System.Guid]::NewGuid().ToString()
# Use the same GUID you entered as "Issuer ID" in the Visual Studio wizard
$issuerId = ([Guid]"4729b8e2-073a-47f0-8538-105ec865f3d2").ToString()
$spurl ="http://sharepoint.local"
$spweb = Get-SPWeb $spurl
$sc = Get-SPServiceContext $spweb.site
$realm = Get-SPAuthenticationRealm -ServiceContext $sc
$certificate = Get-PfxCertificate $publicCertPath
# The registered issuer name is always "<issuerId>@<realm>"
$fullIssuerIdentifier = $issuerId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name $issuerId -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
iisreset
write-host "Full Issuer ID: " -nonewline
write-host $fullIssuerIdentifier -ForegroundColor Red
write-host "Issuer ID for web.config: " -nonewline
write-host $issuerId -ForegroundColor Red
#Disable OAuth HTTPS requirement FOR DEV!!
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()
New-SPTrustedRootAuthority -Name "$($certificate.Subject)_$($certificate.Thumbprint)" -Certificate $certificate
Be sure to change any parameter that does not fit your environment. After that the script should look like this:
The following script lines are needed to get it working with a SharePoint site without SSL!!
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()
If you use SSL (e.g. https://sharepoint.local) you can skip these lines.
No other steps are required. I've tested this several times, each time on a fresh SP 2013 environment, because I had some difficulties getting this set up.
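If the app later fails with "the issuer of the token is not a trusted issuer", the usual causes are the two things steps 1 and 4 set up: the certificate's root is not in the Local Computer store, or the trusted issuer SharePoint knows about does not carry the expected "<issuerId>@<realm>" name and certificate. The following verification script is an added example, not part of the original post or of the MSDN/Steve Peschka scripts. It assumes the SharePoint 2013 Management Shell (or the snap-in loaded at the top) and reuses the post's example values for the certificate path, issuer GUID and site URL, which you must replace with your own; the function name Test-HighTrustIssuerSetup and the output field names are mine.

```powershell
# Added verification script; not part of the original post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$publicCertPath = "C:\root\High_Trust_App_1.cer"           # public cert (no private key) given to SharePoint
$issuerId       = "4729b8e2-073a-47f0-8538-105ec865f3d2"   # same GUID as in web.config
$spurl          = "http://sharepoint.local"

function Test-HighTrustIssuerSetup {
    param([string]$CertPath, [string]$IssuerId, [string]$SiteUrl)

    $certificate = Get-PfxCertificate $CertPath

    # Step 1 check: the certificate must chain to a root that is present in the
    # Local Computer "Trusted Root Certification Authorities" store. A root that
    # only sits in your personal (CurrentUser) store satisfies X509Chain for you,
    # but not for the SharePoint services, so the store is tested explicitly.
    # A self-signed certificate is its own root and must be in that store itself.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainBuilt = $chain.Build($certificate)
    $topElement = $chain.ChainElements[$chain.ChainElements.Count - 1]
    $rootThumbprint = $topElement.Certificate.Thumbprint
    $rootInMachineStore = Test-Path "Cert:\LocalMachine\Root\$rootThumbprint"

    # Step 4 check: the registered issuer must be named "<issuerId>@<realm>"
    # and must be bound to the same certificate that was examined above.
    $spweb = Get-SPWeb $SiteUrl
    try {
        $realm = Get-SPAuthenticationRealm -ServiceContext (Get-SPServiceContext $spweb.Site)
    } finally {
        $spweb.Dispose()
    }
    $expectedIssuer = "$IssuerId@$realm"
    $issuer = Get-SPTrustedSecurityTokenIssuer |
        Where-Object { $_.RegisteredIssuerName -eq $expectedIssuer }
    $rootAuthority = Get-SPTrustedRootAuthority |
        Where-Object { $_.Certificate.Thumbprint -eq $certificate.Thumbprint }

    $stsConfig = Get-SPSecurityTokenServiceConfig

    New-Object PSObject -Property @{
        CertificateSubject      = $certificate.Subject
        CertificateExpires      = $certificate.NotAfter
        PrivateKeyInPublicFile  = $certificate.HasPrivateKey     # expected False: only the app's web server holds the key
        ChainBuilt              = $chainBuilt
        RootInLocalMachineStore = $rootInMachineStore
        ExpectedIssuerName      = $expectedIssuer
        IssuerRegistered        = ($issuer -ne $null)
        IssuerIsTrustBroker     = $(if ($issuer) { $issuer.IsTrustBroker } else { $false })
        IssuerCertMatches       = $(if ($issuer) { $issuer.SigningCertificate.Thumbprint -eq $certificate.Thumbprint } else { $false })
        RootAuthorityRegistered = ($rootAuthority -ne $null)
        AllowOAuthOverHttp      = $stsConfig.AllowOAuthOverHttp  # the dev-only switch from the post; False on an SSL site
    }
}

Test-HighTrustIssuerSetup -CertPath $publicCertPath -IssuerId $issuerId -SiteUrl $spurl | Format-List
```

On a correctly prepared environment ChainBuilt, RootInLocalMachineStore, IssuerRegistered, IssuerIsTrustBroker, IssuerCertMatches and RootAuthorityRegistered are all True and PrivateKeyInPublicFile is False. AllowOAuthOverHttp simply mirrors the switch the post sets for a non-SSL dev site; for an https site it should read False. Revocation checking is switched off because a self-made CA from XCA or a self-signed IIS certificate usually has no reachable CRL, which would otherwise make the chain fail for an unrelated reason.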
5. At this point I have not changed anything in Visual Studio after creating the project(s) (there are two) through the wizard.
Check the "web.config" file in your web project.
There you find the issuer ID again.
6. Now run the project. You need to trust the app.