SharePoint 2013 development--provider-hosted App prep work

Source: Internet
Author: User
Blog Address: http://blog.csdn.net/FoxDave

In the following posts we will develop a SharePoint provider-hosted app step by step. This article covers the preparatory work.

Before an app can use the server-to-server (S2S) communication protocol, SharePoint requires a series of setup steps, including installing a certificate and creating a unique client ID. Apps that use the S2S protocol are called high-trust apps because the app is allowed to use an access token to impersonate the user's identity. S2S is a general-purpose communication protocol that relies on temporary access tokens and is widely used by Microsoft applications such as Exchange and Lync. A provider-hosted app built against an on-premises SharePoint server does not use context tokens to identify users the way a cloud-hosted app does. A high-trust app is also not a full-trust app: it must still request permissions from the user who installs it.

Let's take a look at how to do it:

1. Create a certificate.

On the SharePoint server, open IIS Manager, select the server node, and double-click Server Certificates.

Click Create Self-Signed Certificate in the menu on the right.

Give the certificate a friendly name; here we call it HighTrustTest.

Click OK and the new certificate appears in the list. Right-click the certificate and choose Export. Normally you would export it to the Visual Studio project folder, but the project has not been created yet, so export it to the desktop for now. Pick any password; here we use abc123.

Leave the certificate there for now; it will be used later.

2. Create the corresponding .cer file.

In the Server Certificates view, double-click the certificate created earlier to display its details, and select the Details tab.

Click Copy to File, click Next, keep the default and click Next, keep the default again and click Next, enter HighTrustTestCert as the file name, click Next, and then click Finish to complete the export.

Note: The .pfx file must be on the same machine as Visual Studio, and the .cer file must be on the same machine as SharePoint 2013. The .pfx file must also be deployed to the web server where your web application resides.

3. Configure the services in SharePoint 2013 for use by S2S apps, making sure that the App Management Service and the User Profile application are configured.

In Central Administration, under Application Management, open Manage service applications and make sure that the User Profile application and the App Management Service are started. In Central Administration, under Application Management, open Services on server and make sure that the User Profile Service is started.

4. Configure SharePoint 2013 to use the certificate and to trust your app.

A. In a text editor or the Windows PowerShell editor, start a new file and add the following lines to create the certificate object:

    $publicCertPath = "C:\HighTrustTestCert.cer"
    $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath)

B. Add the following line to make SharePoint treat the certificate as a root certification authority:

    New-SPTrustedRootAuthority -Name "HighTrustTestCert" -Certificate $certificate

C. Add the following line to get the ID of the authorization realm:

    $realm = Get-SPAuthenticationRealm

D. Your remote web application will use an access token to gain access to SharePoint data. The access token must be issued by a token issuer that SharePoint trusts. In a high-trust app for SharePoint, the certificate is the token issuer. Add the following lines to construct the issuer ID in the format that SharePoint requires: specific_issuer_GUID@realm_GUID. (The ID can be generated with Visual Studio's own GUID creation tool; note that it must be lowercase.)

    $specificIssuerId = "ed5182f0-3090-4e83-a58b-9eb145619993"
    $fullIssuerIdentifier = $specificIssuerId + '@' + $realm

E. Add the following lines to register the certificate as a trusted token issuer. The -Name parameter must be unique, so in a production configuration you would usually use a GUID as part (or all) of the name, but in this context you can use a friendly name. The -IsTrustBroker switch is needed so that you can use the same certificate for all the high-trust apps that you develop. The iisreset command is needed to make the token issuer registration take effect immediately. Without it, you may have to wait 24 hours for the new issuer to be registered.

    New-SPTrustedSecurityTokenIssuer -Name "High Trust Test Cert" -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
    iisreset

F. SharePoint 2013 typically does not accept self-signed certificates. Therefore, when you use a self-signed certificate for debugging, add the following lines to turn off SharePoint's general requirement for HTTPS when a remote web application calls into SharePoint. If you do not add them, you will receive a "403 (Forbidden)" message when the remote web application calls SharePoint using a self-signed certificate. You will undo this step in the process that follows. Turning off the HTTPS requirement means that requests from the remote web application to SharePoint are not encrypted, but the certificate can still be used as the trusted issuer of access tokens, which is its primary purpose in high-trust apps for SharePoint.

    $serviceConfig = Get-SPSecurityTokenServiceConfig
    $serviceConfig.AllowOAuthOverHttp = $true
    $serviceConfig.Update()

G. Save the file with the name HighTrustConfig-ForDebugOnly.ps1.

H. Open the SharePoint Management Shell as an administrator, and then run the file using the following line:

    ./HighTrustConfig-ForDebugOnly.ps1

Next we will use Visual Studio to develop and deploy the provider-hosted app.
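A check for the settings made in steps D through F, added here as an example and not taken from the original post: it validates the issuer_GUID@realm_GUID form and the lowercase rule, flags a self-signed or soon-to-expire signing certificate, and reports whether the debug-only AllowOAuthOverHttp setting is still on. The helper name Test-HighTrustIssuer, the 30-day expiry threshold and the sample realm GUID are assumptions; the last section runs only where the SharePoint cmdlets are available.

```powershell
# Added example. Test-HighTrustIssuer is a hypothetical helper name.
function Test-HighTrustIssuer {
    param(
        [string]$RegisteredIssuerName,   # value given to -RegisteredIssuerName
        [string]$FarmRealm,              # value returned by Get-SPAuthenticationRealm
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $findings = @()
    $guid = '[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    # Expected form: specific_issuer_GUID@realm_GUID, with no spaces around '@'.
    if ($RegisteredIssuerName -notmatch "^($guid)@($guid)$") {
        $findings += 'issuer name is not in the form issuer_GUID@realm_GUID'
    } else {
        if ($Matches[1] -cne $Matches[1].ToLowerInvariant()) {
            $findings += 'issuer GUID is not lowercase'
        }
        if ($Matches[2] -ne $FarmRealm) {
            $findings += 'realm part differs from the farm authentication realm'
        }
    }
    if ($Certificate) {
        if ($Certificate.Subject -eq $Certificate.Issuer) {
            $findings += 'signing certificate is self-signed'
        }
        if ($Certificate.NotAfter -lt (Get-Date).AddDays(30)) {   # assumed threshold
            $findings += "signing certificate expires on $($Certificate.NotAfter.ToString('yyyy-MM-dd'))"
        }
    }
    return $findings
}

# Constructed sample values: a made-up realm GUID, one issuer name with uppercase
# characters and one padded with spaces around '@'.
$sampleRealm = '11111111-2222-3333-4444-555555555555'
Test-HighTrustIssuer "ED5182F0-3090-4e83-a58b-9eb145619993@$sampleRealm" $sampleRealm
Test-HighTrustIssuer "ed5182f0-3090-4e83-a58b-9eb145619993 @ $sampleRealm" $sampleRealm

# In the SharePoint Management Shell, run the same checks against the live settings.
if (Get-Command Get-SPSecurityTokenServiceConfig -ErrorAction SilentlyContinue) {
    $sts = Get-SPSecurityTokenServiceConfig
    if ($sts.AllowOAuthOverHttp) {
        # Revert with: $sts.AllowOAuthOverHttp = $false; $sts.Update()
        Write-Warning 'AllowOAuthOverHttp is still $true (step F has not been undone)'
    }
    $farmRealm = Get-SPAuthenticationRealm
    foreach ($issuer in Get-SPTrustedSecurityTokenIssuer) {
        Test-HighTrustIssuer $issuer.RegisteredIssuerName $farmRealm $issuer.SigningCertificate |
            ForEach-Object { Write-Warning "$($issuer.Name): $_" }
    }
}
```

Token issuers that were registered by other means than this procedure may use a different issuer-name form and will show up in the output as format findings.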