About this topic there are several guides. I can’t say that I have to add anything new 😉 But… as always… this blog is a kind of notebook for me. So I post this small guide.
1. You need to have or create a certificate that is used as “security token issuer”. This certificate can be created using IIS Manager or any other tool.
I use “XCA” (http://xca.sourceforge.net/). With that tool you can create your own Certification Authority. (Of course you can use the Windows Server Certification Authority.) – I use XCA because it’s easy to manage this kind of certificates there and I use the certificates on several dev machines.
If you do so too you need to create a root certificate for your Certification Authority and install it in the “Trusted Root Certification Authrities” of your Local Computer (not only your personal cert store).
2. The first step is to register (or create) the certificate within IIS Manager:
Right click on the server node and choose “Server Certificates”.
Use “Import” to apply an existing certificate. Or use “Create Self-Signed Certificate” to create a new certificate.
This are the steps to create a new self-signed certificate:
After commit (“OK”) you need to export the certificate with private key and a second time without private key.
3. Open Visual Studio 2012. Create a new project:
For “Issuer ID” you need to create a GUID using Visual Studio or PowerShell. Here is the PowerShell way:
Copy to output into the dialog in Visual Studio 2012.
4. Open a Windows PowerShell ISE, create a new PowerShell script file and copy the following code to it. Most of the code comes from here: http://msdn.microsoft.com/en-us/library/fp179901.aspx. With some additions from Steve Peschka’s Blog articles: http://blogs.technet.com/b/speschka/archive/2012/09/27/another-apps-for-sharepoint-tip-with-the-error-quot-the-issuer-of-the-token-is-not-a-trusted-issuer-quot.aspx and http://blogs.technet.com/b/speschka/archive/2012/11/01/more-troubleshooting-tips-for-high-trust-apps-on-sharepoint-2013.aspx.
###http://msdn.microsoft.com/en-us/library/fp179901.aspx $publicCertPath = "C:\root\High_Trust_App_1.cer" #$issuerId = [System.Guid]::NewGuid().ToString() $issuerId = ([Guid]"4729b8e2-073a-47f0-8538-105ec865f3d2").ToString() $spurl ="http://sharepoint.local" $spweb = Get-SPWeb $spurl $sc = Get-SPServiceContext $spweb.site $realm = Get-SPAuthenticationRealm -ServiceContext $sc $certificate = Get-PfxCertificate $publicCertPath $fullIssuerIdentifier = $issuerId + '@' + $realm New-SPTrustedSecurityTokenIssuer -Name $issuerId -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier –IsTrustBroker iisreset write-host "Full Issuer ID: " -nonewline write-host $fullIssuerIdentifier -ForegroundColor Red write-host "Issuer ID for web.config: " -nonewline write-host $issuerId -ForegroundColor Red #Disable OAuth HTTPS requirement FOR DEV!! $serviceConfig = Get-SPSecurityTokenServiceConfig $serviceConfig.AllowOAuthOverHttp = $true $serviceConfig.Update() New-SPTrustedRootAuthority -Name "$($certificate.Subject)_$($certificate.Thumbprint)" -Certificate $certificate
Be sure to change any parameter that does not fit your environment. After that the script should look like this:
The following script lines are needed in order to get it working using a SharePoint site without SSL!!
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
If you use SSL (e.g. https://sharepoint.local) you can skip this.
No other steps are required. I’ve tested this several times with always fresh SP 2013 environments because I had some difficulties to get this set up.
5. At this point I have not changed anything in Visual Studio after creating the project(s) (there are two) through the wizard.
Check the “web.config” file in you web project.
There you find the issuer ID again.
6. Now run the project. You need to trust the app.
It really helped me…So I have a question. If I want to host the web on the IIS Server, are the steps same?
Thanks!!! Have work on this for 2 days now…and your solution works perfekt!!
Can i use this for migrating .net 4.0 application to sharepoint2013.
Please suggest me.
i hame problem to deploy app to IIS
in iis express with its credentials everything is ok but when i create website in IIS and run app it return access denied message
Have you solved this issue? I am also running into the same problem…
Thanks a lot for informative blog. Most of my concepts got cleared fro Provider-Hosted APP.
I created a Sharepoint app in visual studion that perform crud operation on sharepoint but it work locally but from IIS it generating object reference error. please provide information in detail.
Hi thanks in advance,
I am having an issue with share Point hightrust provider hosted app and app part.
1. My app part is displaying a custom MVC web application which is configured with corresponding valid certification and keys and it is working fine when placed on a share point site page.
2. I am being prompted with windows credentials for twice and i am able to see the web application in apppart on SP site page.
Issue : 1. when i sign in as different user in share point site, user name in the app part – displays old user name which has to be updated with newly logged in user. share point site show newly logged in name different and app part displays old logged in user name.
Please help me in this regard.