How to Configure High Trust for Provider-hosted Apps using SSL in On Premise Environments

Alexander Meijers presents How to Configure High Trust for Provider-hosted Apps using SSL in On Premise Environments.

In this video with Alexander you will learn:

1. What needs to be configured to get the provider-hosted app up and running in SharePoint.

2. How to create self-signed certificates and apply them to the different web applications in IIS.

3. How to configure the forward lookup zones in DNS.

4. How to create a high trust between the provider-hosted app and SharePoint.

5. How to create and configure a provider-hosted app project in Visual Studio.

 

Video Transcript:

My name is Alexander Meijers and I'm a proud member of the European SharePoint community. In this video you will learn how to configure a high trust for provider-hosted apps using SSL in on-premise environments.

I am involved in a lot of on-premise deployments at customers. In the future these customers want to move to the cloud. That means that we need to rethink how we create custom solutions: instead of doing it the old way, we need to start using apps. One of these apps is the provider-hosted app. In this demo I will explain how you configure this to get it up and running.

We need to start by defining the domains we want to use. In this case I'm using, for my SharePoint website, https://contosoweb.com, and for my provider-hosted apps I created the domain apphost-contosoweb.com. The app is called myapp and will be part of that domain. My environment is a single-server farm. In this case that makes it a lot easier to configure, but it does not differ that much from test, acceptance and production environments, except that you will need to use other IP addresses or real certificates and firewall settings.

The first thing we need to have is a SharePoint website. If I go into the web application environment of Central Administration, you can see here that I've created a web application on SSL. The second thing I need, in IIS, is my provider-hosted app site. As I said, my provider-hosted app is called myapp, so I created my app host, apphost-contosoweb.com, and the only thing I did was setting the authentication: Windows authentication enabled, by default it is disabled. So those two are now in place.

To make sure that I can run apps in my SharePoint environment, I need to run a script which enables sideloading of apps. It allows me to develop directly on a team site instead of on the developer site.

The next thing I need to do is to configure DNS. The two domains need to be in the forward lookup zones, so I create a forward lookup zone for contosoweb with an A record to itself, and I do the same for my apphost-contosoweb.com: also an A record, and an extra one which is an alias name, which makes it *.apphost-contosoweb.com. This allows me to create multiple provider-hosted apps running on the same domain, using the same SSL certificate.

The next thing we need to do is to create the certificates. In my case I am using self-signed certificates. For a production environment you would buy certificates, but because wildcard certificates are really expensive, for development, test and acceptance purposes I always suggest using self-signed ones. There are a lot of tools which you can use, like SelfSSL, to create those wildcard certificates, but I have noticed that most of those tools still have problems when you use multiple wildcard certificates on the same server, in my case my single-server farm. My experience with makecert is good, and I know that creating certificates based on makecert will work. This script first creates a root certificate called Contoso Web Root and then creates, in this case, one for contosoweb.com, which is not a wildcard, and one for apphost-contosoweb.com, which is a wildcard, as you can see from the asterisk here. When you run the script it generates the certificates, so if you go into the certificates you will notice that under Personal, Certificates you will find those just-generated certificates.

The next thing you need to do is to export those to .cer files, because we need them when we are going to create the high trust. But you also need to import them again into the Trusted Root Certification Authorities, to make sure that your browser is not complaining about the certificates, as they are still self-signed certificates. And for SharePoint we need to put them in the SharePoint certificates.

The next step is to go back to IIS and set the certificates for the web applications. The first one is for contosoweb.com: going to Bindings and then setting it to HTTPS, you specify here your contosoweb.com SSL certificate. It's important to enable Require Server Name Indication, because we will be running multiple SSL certificates. The same is done for my app host, that's apphost-contosoweb.com; that has the other certificate and also has Require Server Name Indication turned on.

The next thing we need to do is to get the private key of my certificate for the apphost domain, from that SSL certificate, and also the issuer ID, because I need that to create the high trust. So we go back to the certificates, and to get the private key we just do an export, select that we want to have the private key, leave everything default and define a password. After this it creates the private key, which will be used later on when creating the provider-hosted app. The second thing we need to do is to get the issuer ID, and that's done by double-clicking the certificate, going to Details and looking for Authority Key Identifier. This is a range of numbers and digits, and you will need to convert this to a GUID to use during the trust and during creation in the final step.

The next thing we need to do is to create the high trust. For that we need a script, and the script needs a path to the certificate file. Secondly, it needs the issuer ID, the file is secured, and, which is important, everything in uppercase. Running the high-trust script will actually generate the high trust. Under Security, Manage trust, you will now see the trust here, and if you open it you will see that the trust is now between my apphost-contosoweb.com and SharePoint itself.

So we are almost there. The last thing we need to do is actually create the provider-hosted app. For that we go to my Visual Studio environment, where you create a provider-hosted app, which requests the private key, the password for the private key and also the issuer ID. After creation, those three values are placed into the web.config. It's fairly important to make sure that the issuer ID in this case is all in lowercase. When the project is created we have to do two other things. One is that we have to mention in the AppManifest.xml file the actual path to myapp.apphost-contosoweb.com, otherwise it will go to localhost. When I just do a run, I want to use it in the actual place where I created the web application for my app host, for my provider-hosted app. The second thing you need to do is change the way you get your client context. Because it's a provider-hosted app and you are not running in Azure but just on premise, there is no context token, which means you need to use the TokenHelper and GetS2SClientContextWithWindowsIdentity to get your client context.

So when everything is changed, rebuilt and compiled, you publish your app to the created web application, and the second thing you do is publish your app itself to the SharePoint environment. We will now go to contosoweb.com. You will see that I have my app here, and by clicking on my app you will see that I am now redirected to myapp.apphost-contosoweb.com.

So let's wrap up the demo. Wildcard certificates are very expensive, so try to use self-signed certificates for development, test and acceptance purposes, and use your official certificates for your production environment. What I've noticed is that some of the tools create problems when you want to use multiple wildcard certificates, so the best way to do this is to use makecert. Another thing to be aware of is the issuer ID and how it's used. When you create your high trust using PowerShell, you need the issuer ID to be uppercase, but when you create a provider-hosted app in Visual Studio you need to enter that same GUID, but then in lowercase. Another thing you have to take into account is that there is no context token when you have a provider-hosted app in an on-premise environment, so to get the client context you need to use TokenHelper.GetS2SClientContextWithWindowsIdentity.

You have seen in the demo that it takes a lot of steps to actually configure a high trust, and not every part is handled in this demo, so check my blog for more in-depth information about this subject. Thanks for watching this video. Why not check out some more great how-to videos, or subscribe to our YouTube channel for new videos as they're released.
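
The high-trust registration step described in the transcript, written out as an added PowerShell example. It is not the presenter's script: the certificate path, trust name and issuer GUID are placeholders, and the input checks are an addition.

```powershell
# Added example: register a high-trust token issuer on the SharePoint server.
# Run in the SharePoint Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholders (assumptions, not values from the video).
$publicCertPath = 'C:\Certs\apphost-wildcard.cer'
$trustName      = 'ProviderHostedApp-HighTrust'
# The video states this GUID is entered in uppercase here and in lowercase in web.config.
$issuerId       = '00000000-0000-0000-0000-000000000000'

# Validate the inputs before changing anything in the farm.
if (-not (Test-Path -LiteralPath $publicCertPath)) {
    throw "Certificate file not found: $publicCertPath"
}
$parsedGuid = [Guid]::Empty
if (-not [Guid]::TryParse($issuerId, [ref]$parsedGuid)) {
    throw "Issuer ID is not a valid GUID: $issuerId"
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath)

# SharePoint only needs the public certificate; the private key stays with the app.
if ($cert.HasPrivateKey) {
    throw 'Use the exported .cer (public part), not a file that contains the private key.'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period: $($cert.NotBefore) to $($cert.NotAfter)"
}

# Trust the certificate, then register it as a token issuer for the farm's realm.
# If the certificate was issued by a separate root (as in the video), add that
# root certificate with New-SPTrustedRootAuthority as well.
New-SPTrustedRootAuthority -Name "$trustName Root" -Certificate $cert | Out-Null
$realm = Get-SPAuthenticationRealm
$registeredIssuerName = $issuerId + '@' + $realm
# -IsTrustBroker allows more than one app to use this issuer.
New-SPTrustedSecurityTokenIssuer -Name $trustName -Certificate $cert `
    -RegisteredIssuerName $registeredIssuerName -IsTrustBroker | Out-Null

# Show what was registered so it can be compared with the app's web.config.
Get-SPTrustedSecurityTokenIssuer |
    Where-Object { $_.Name -eq $trustName } |
    Select-Object Name, RegisteredIssuerName
"Certificate thumbprint: $($cert.Thumbprint)"
```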
