Create Provider Hosted High Trust App for SharePoint 2013 (Short Guide)

There are several guides about this topic. I can't say that I have anything new to add 😉 But… as always… this blog is a kind of notebook for me, so I post this small guide.

1. You need a certificate that acts as the “security token issuer” for the app (SharePoint will trust tokens signed with its private key). It can be created with IIS Manager or any other tool.

I use “XCA” (http://xca.sourceforge.net/). With that tool you can create your own Certification Authority. (Of course you can also use the Windows Server Certification Authority.) I use XCA because it is easy to manage this kind of certificate there, and I use the certificates on several dev machines.

If you do the same, you need to create a root certificate for your Certification Authority and install it in the “Trusted Root Certification Authorities” store of the Local Computer (not only in your personal certificate store).


2. Register (or create) the certificate in IIS Manager:

Right-click the server node and choose “Server Certificates”.


Use “Import” to bring in an existing certificate, or “Create Self-Signed Certificate” to create a new one.


These are the steps to create a new self-signed certificate:


After confirming with “OK”, export the certificate twice: once with the private key (a .pfx, which the app's web project uses to sign its tokens and which must stay on the app server) and once without the private key (a .cer, which is registered in SharePoint in step 4).

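For those who prefer a script to the IIS Manager dialogs, here is the same step in PowerShell. This is an added example, not from the original guide: it uses the PKI cmdlets that ship with Windows Server 2012 (New-SelfSignedCertificate, Export-PfxCertificate, Export-Certificate). The subject name and the output folder are assumptions, chosen so the resulting .cer lands where the setup script in step 4 expects it.

```powershell
# Added example: create the token issuer certificate and export it twice (with and
# without private key) from PowerShell instead of IIS Manager.
# Assumptions: subject name "HighTrustApp1" and output folder C:\root (the path the
# setup script in step 4 reads). Run in an elevated PowerShell on the app web server.

$subject = "HighTrustApp1"
$outDir  = "C:\root"
$pfxPath = Join-Path $outDir "High_Trust_App_1.pfx"   # with private key: stays on the app web server
$cerPath = Join-Path $outDir "High_Trust_App_1.cer"   # public part only: goes to the SharePoint farm

if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }

# 1. Create a self-signed certificate in the Local Computer "Personal" store.
#    The Server 2012 version of this cmdlet takes only -DnsName / -CertStoreLocation;
#    the key is RSA 2048, exportable, and valid for one year. SharePoint stops accepting
#    the app's tokens when the certificate expires, so note the date.
$cert = New-SelfSignedCertificate -DnsName $subject -CertStoreLocation Cert:\LocalMachine\My
"Created {0}, thumbprint {1}, expires {2}" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter

# 2. Export WITH the private key. Whoever holds this file can mint tokens for any user
#    of the farm once the issuer is registered (step 4), so use a real password and
#    restrict the file's ACL to the app pool identity.
$pfxPassword = Read-Host -AsSecureString -Prompt "Password for the .pfx"
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# 3. Export WITHOUT the private key (DER-encoded .cer). This is the file that
#    New-SPTrustedSecurityTokenIssuer and New-SPTrustedRootAuthority consume.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# 4. Check: the .cer describes the same key and carries no private half.
$fromCer = Get-PfxCertificate -FilePath $cerPath
if ($fromCer.Thumbprint -ne $cert.Thumbprint) { throw "Thumbprint of $cerPath does not match the created certificate" }
if ($fromCer.HasPrivateKey) { throw "$cerPath must not contain a private key" }
"Exported $pfxPath (private) and $cerPath (public)"
```

If you need a validity longer than one year, create the certificate with XCA or your CA instead; the Server 2012 cmdlet has no parameter for the expiry date.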

3. Open Visual Studio 2012. Create a new project:


For “Issuer ID” you need a GUID, created with Visual Studio or PowerShell. SharePoint expects it in lowercase. Here is the PowerShell way:

Start PowerShell.


Enter:

[guid]::newguid().tostring().tolower()


Copy the output into the dialog in Visual Studio 2012.


4. Open Windows PowerShell ISE, create a new script file and paste the following code into it. Most of the code comes from http://msdn.microsoft.com/en-us/library/fp179901.aspx, with some additions from Steve Peschka's blog articles: http://blogs.technet.com/b/speschka/archive/2012/09/27/another-apps-for-sharepoint-tip-with-the-error-quot-the-issuer-of-the-token-is-not-a-trusted-issuer-quot.aspx and http://blogs.technet.com/b/speschka/archive/2012/11/01/more-troubleshooting-tips-for-high-trust-apps-on-sharepoint-2013.aspx.

###http://msdn.microsoft.com/en-us/library/fp179901.aspx
# Run in the SharePoint 2013 Management Shell on a farm server.

# Public part of the token issuer certificate: the .cer exported WITHOUT private key in step 2
$publicCertPath = "C:\root\High_Trust_App_1.cer"

# Issuer ID: the GUID entered in the Visual Studio wizard (step 3). SharePoint requires it
# in lowercase; [Guid]::ToString() already returns lowercase hex digits.
#$issuerId = [System.Guid]::NewGuid().ToString()
$issuerId = ([Guid]"4729b8e2-073a-47f0-8538-105ec865f3d2").ToString()

$spurl = "http://sharepoint.local"

$spweb = Get-SPWeb $spurl
$sc = Get-SPServiceContext $spweb.Site

# The realm is the farm's authentication realm GUID; it becomes the second half of the issuer name
$realm = Get-SPAuthenticationRealm -ServiceContext $sc

# Get-PfxCertificate also loads a plain .cer; no private key is needed on the SharePoint side
$certificate = Get-PfxCertificate $publicCertPath

# Registered issuer name has the form <issuerId>@<realm>
$fullIssuerIdentifier = $issuerId + '@' + $realm

# -IsTrustBroker: the app server asserts the user identity in the tokens it signs, so whoever
# holds the matching private key can act as any user of this realm. Keep the .pfx locked down.
New-SPTrustedSecurityTokenIssuer -Name $issuerId -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker

iisreset

Write-Host "Full Issuer ID: " -NoNewline
Write-Host $fullIssuerIdentifier -ForegroundColor Red
Write-Host "Issuer ID for web.config: " -NoNewline
Write-Host $issuerId -ForegroundColor Red

# Disable the OAuth HTTPS requirement FOR DEV ONLY (site runs on plain http)
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()

# A self-signed issuer certificate has no trusted chain, so SharePoint must trust it as a root
# authority as well; otherwise certificate validation of the token signature fails.
New-SPTrustedRootAuthority -Name "$($certificate.Subject)_$($certificate.Thumbprint)" -Certificate $certificate

Before running it, adjust $publicCertPath, $issuerId and $spurl to your environment.


The following lines are what make it work against a SharePoint site without SSL (e.g. http://sharepoint.local); they are part of the script above and repeated here for emphasis:

$serviceConfig = Get-SPSecurityTokenServiceConfig

$serviceConfig.AllowOAuthOverHttp = $true

$serviceConfig.Update()

With this setting the bearer tokens the app sends to SharePoint travel in clear text, so anyone who can read the traffic can replay them. It is for dev environments only. If you use SSL (e.g. https://sharepoint.local) skip these lines and leave AllowOAuthOverHttp at its default of false.

No other steps are required. I have tested this several times on fresh SP 2013 environments, because I had some difficulties getting this set up.

5. At this point I have not changed anything in Visual Studio since creating the projects (there are two) through the wizard.

Check the “web.config” file in your web project.


There you find the issuer ID again (the appSettings key IssuerId), next to the path and password of the .pfx the app signs with.
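Once the script has run and the wizard has written the web.config, three things have to agree: the IssuerId and .pfx referenced in web.config, the certificate inside that .pfx, and the issuer SharePoint trusts. The following check is an added example, not from the original post or from Microsoft; run it in the SharePoint 2013 Management Shell on a farm server. The web.config path and the site URL are assumptions; the appSettings keys it reads (ClientId, IssuerId, ClientSigningCertificatePath, ClientSigningCertificatePassword) are the ones the Visual Studio 2012 high-trust app template writes.

```powershell
# Added example: verify that web.config, the signing .pfx and SharePoint's trusted issuer
# registration agree. Assumptions: web.config location and site URL below.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webConfigPath = "C:\root\HighTrustApp1Web\web.config"   # assumed path of the web project's web.config
$spurl         = "http://sharepoint.local"               # same site as in the setup script

# 1. Read the appSettings the high-trust app template writes.
[xml]$cfg = Get-Content -LiteralPath $webConfigPath -Raw
$app = @{}
foreach ($node in $cfg.configuration.appSettings.add) { $app[$node.key] = $node.value }
foreach ($key in 'ClientId', 'IssuerId', 'ClientSigningCertificatePath', 'ClientSigningCertificatePassword') {
    if (-not $app.ContainsKey($key)) { throw "web.config is missing appSettings key '$key'" }
}

# 2. The issuer ID must be a lowercase GUID; an uppercase one yields
#    "The issuer of the token is not a trusted issuer" at runtime.
$issuerId = $app['IssuerId']
if ($issuerId -cne $issuerId.ToLower()) { Write-Warning "IssuerId '$issuerId' is not lowercase" }

# 3. Load the signing certificate exactly as the app does: .pfx plus password from web.config.
$pfxPassword = ConvertTo-SecureString $app['ClientSigningCertificatePassword'] -AsPlainText -Force
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        ($app['ClientSigningCertificatePath'], $pfxPassword)
if (-not $pfx.HasPrivateKey) { throw "Signing certificate has no private key; the app cannot sign tokens" }
if ($pfx.NotAfter -lt (Get-Date)) { Write-Warning "Signing certificate expired on $($pfx.NotAfter)" }

# 4. Compare with what SharePoint trusts: RegisteredIssuerName <issuerId>@<realm> and the same thumbprint.
$web   = Get-SPWeb $spurl
$realm = Get-SPAuthenticationRealm -ServiceContext (Get-SPServiceContext $web.Site)
$expectedName = "$issuerId@$realm"
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.RegisteredIssuerName -eq $expectedName }
if (-not $issuer) { throw "No trusted issuer registered as '$expectedName'" }
if ($issuer.SigningCertificate.Thumbprint -ne $pfx.Thumbprint) {
    throw "Registered issuer uses thumbprint $($issuer.SigningCertificate.Thumbprint), web.config .pfx has $($pfx.Thumbprint)"
}
if (-not $issuer.IsTrustBroker) { Write-Warning "Issuer is not registered with -IsTrustBroker; user identity assertion will fail" }

# 5. Transport: OAuth over plain HTTP only works with the dev-only switch, and that switch
#    should not stay on once the site runs on HTTPS.
$sts = Get-SPSecurityTokenServiceConfig
if ($spurl -like 'http:*' -and -not $sts.AllowOAuthOverHttp) {
    Write-Warning "Site is HTTP but AllowOAuthOverHttp is false; the app's tokens will be rejected"
}
if ($spurl -like 'https:*' -and $sts.AllowOAuthOverHttp) {
    Write-Warning "AllowOAuthOverHttp is true on an HTTPS farm; set it back to false"
}
"OK: issuer '$expectedName' trusts thumbprint $($pfx.Thumbprint)"
```

The thumbprint comparison in step 4 is the one that catches the most common mistake: exporting a new self-signed certificate from IIS after the issuer was already registered, so that the .pfx in the web project no longer matches the .cer SharePoint trusts.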

6. Now run the project. You need to trust the app when SharePoint prompts you.


9 thoughts on “Create Provider Hosted High Trust App for SharePoint 2013 (Short Guide)”

  1. It really helped me… So I have a question. If I want to host the web on the IIS server, are the steps the same?

  2. Hi,
    I have a problem deploying the app to IIS.

    In IIS Express with its credentials everything is OK, but when I create a website in IIS and run the app it returns an access denied message.

  3. I created a SharePoint app in Visual Studio that performs CRUD operations on SharePoint. It works locally, but from IIS it generates an object reference error. Please provide information in detail.

  4. Hi, thanks in advance,

    I am having an issue with a SharePoint high-trust provider-hosted app and app part.

    1. My app part displays a custom MVC web application which is configured with the corresponding valid certificate and keys, and it works fine when placed on a SharePoint site page.

    2. I am prompted for Windows credentials twice, and then I am able to see the web application in the app part on the SP site page.

    Issue: when I sign in as a different user on the SharePoint site, the user name in the app part still displays the old user name, which should be updated to the newly logged-in user. The SharePoint site shows the newly logged-in name, but the app part displays the old logged-in user name.

    Please help me in this regard.
