Provider-Hosted High-Trust Add-in Step by Step



1. Start services in Central Administration (Manage services on server)
1. App Management Service
2. Microsoft SharePoint Foundation Subscription Settings Service
3. User Profile Service (UPS)

2. Create the service applications in Central Administration
1. User Profile Service Application
2. App Management Service Application


3. Using PowerShell, create the Subscription Settings service application and its proxy (there is no Central Administration UI for this one)
# Managed account in DOMAIN\user form
$account = Get-SPManagedAccount "gdpr\tcadmin"
$appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
$appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SPSubscriptionSettingsServiceApplication -DatabaseName "SP-SubscriptionSettingsDB"
$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc


4. Create a self-signed certificate with PowerShell, OR create a self-signed web hosting certificate in IIS (self-signed is for test environments only; use a CA-issued certificate in production)
1. New-SelfSignedCertificate -DnsName "www.xyz.com" -CertStoreLocation cert:\LocalMachine\My
2. https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/create-high-trust-sharepoint-add-ins    --> Microsoft docs on creating a self-signed test .pfx certificate file

5. Export the PFX and CER files from IIS --> Server Certificates, and save both files in one location.
The PFX (contains the private key) is used by the MVC web via Web.config; protect it and its password, since whoever holds it can sign tokens for any user.
The CER (public key only) is registered in SharePoint with New-SPTrustedSecurityTokenIssuer (registered through the PowerShell commands below).



6. Register the certificate in SharePoint through PowerShell (SharePoint Management Shell, as a farm administrator)

$certloc = "C:\CERT\certificate.cer"
$certName = "HightTrustDemo"
$issuerId = '11111111-1111-1111-1111-111111111111' # MUST BE UNIQUE, and a GUID in lowercase
$displayName = "High Trust Demo" # MUST BE UNIQUE

$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certloc)
New-SPTrustedRootAuthority -Name $certName -Certificate $certificate

$realm = Get-SPAuthenticationRealm
$fullIssuerId = $issuerId + "@" + $realm
# -IsTrustBroker lets this issuer assert any user identity; that is what makes the add-in "high trust"
New-SPTrustedSecurityTokenIssuer -Name $displayName -Certificate $certificate -RegisteredIssuerName $fullIssuerId -IsTrustBroker
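Steps 4 to 6 as one script, added here as a worked example (it is not from the original page). It generates a fresh lowercase issuer GUID instead of the placeholder, exports both files, registers the certificate, enables OAuth over HTTP because the walkthrough's SharePoint site is plain http://, and recycles IIS so the new issuer is picked up immediately. The directory, file names, DNS name and display names are assumptions.

```powershell
# Added example (not from the original page): certificate creation and SharePoint
# registration for a high-trust add-in. Run in the SharePoint Management Shell as a
# farm administrator. Paths, names and the DNS name are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$dnsName = "www.xyz.com"                 # host header of the MVC (remote web) site
$certDir = "C:\CERT"
$pfxPath = Join-Path $certDir "HighTrustDemo.pfx"
$cerPath = Join-Path $certDir "HighTrustDemo.cer"
$pfxPwd  = Read-Host -AsSecureString "PFX password"   # do not hard-code this in a script

# The issuer ID must be a GUID in LOWERCASE: SharePoint compares the "iss" claim of the
# token as a string, so an uppercase GUID silently breaks the trust.
$issuerId = ([guid]::NewGuid()).ToString().ToLower()

New-Item -ItemType Directory -Path $certDir -Force | Out-Null

# 1. Self-signed test certificate (production should use a CA-issued certificate)
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation cert:\LocalMachine\My

# 2. PFX (private key, for the MVC web) and CER (public key only, for SharePoint)
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPwd | Out-Null
Export-Certificate    -Cert $cert -FilePath $cerPath | Out-Null

# 3. Register the public certificate with SharePoint
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)
New-SPTrustedRootAuthority -Name "HighTrustDemo" -Certificate $certificate | Out-Null

$realm        = Get-SPAuthenticationRealm
$fullIssuerId = "$issuerId@$realm"
# -IsTrustBroker lets this issuer assert ANY user identity, so treat the PFX and its
# password like a domain credential.
New-SPTrustedSecurityTokenIssuer -Name "High Trust Demo" -Certificate $certificate `
    -RegisteredIssuerName $fullIssuerId -IsTrustBroker | Out-Null

# 4. Only because the SharePoint web application in this walkthrough is plain HTTP:
#    allow OAuth over HTTP. Test-only setting; use HTTPS on SharePoint in production.
$sts = Get-SPSecurityTokenServiceConfig
$sts.AllowOAuthOverHttp = $true
$sts.Update()

# 5. SharePoint caches trusted issuers for up to 24 hours; recycle so the new one is used now
iisreset

# 6. Confirm the registration and print the values that go into the MVC Web.config
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.RegisteredIssuerName -eq $fullIssuerId }
if (-not $issuer) { throw "Trusted security token issuer '$fullIssuerId' was not registered" }

"IssuerId                     = $issuerId"
"ClientSigningCertificatePath = $pfxPath"
"RegisteredIssuerName         = $fullIssuerId"
"Thumbprint                   = $($cert.Thumbprint)"
```

The AllowOAuthOverHttp step exists only because the appregnew URL later in this page is http://; if the SharePoint web application is already HTTPS, leave that setting alone.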

7. Put the PFX file path, the PFX password and the Issuer ID into the MVC Web.config (the appSettings keys read by the Visual Studio provider-hosted template are ClientSigningCertificatePath, ClientSigningCertificatePassword and IssuerId).

8. Generate a Client ID and Client Secret from the SharePoint site
URL: http://SharePoint_website/_layouts/15/appregnew.aspx
Client ID : Generate
Client Secret : Generate
App Name  : anything
Domain : www.xyz.com
Redirect URL : https://www.xyz.com:8443/

Add the Client ID and Client Secret to the MVC Web.config (a high-trust add-in signs its own tokens with the certificate and never actually uses the Client Secret, but the template keeps the ClientSecret key).

Note: The www.xyz.com domain can be added to the hosts file (%SystemRoot%\System32\drivers\etc\hosts; open it with Notepad run as administrator).
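Before chasing 401 errors, it pays to check that what the MVC Web.config holds after steps 7 and 8 matches what SharePoint trusts. The script below is an added example (not from the original page): it reads the appSettings keys used by the Visual Studio template, opens the PFX with the configured password, and compares it with the registered trusted issuer. The Web.config path is an assumption.

```powershell
# Added example (not from the original page): check a deployed MVC Web.config against the
# SharePoint farm. Assumes the appSettings keys of the Visual Studio provider-hosted
# template (ClientId, ClientSigningCertificatePath, ClientSigningCertificatePassword,
# IssuerId) and the site path below. Run in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webConfigPath = "C:\inetpub\wwwroot\HighTrustWeb\Web.config"   # assumed site path

[xml]$config = Get-Content $webConfigPath
$settings = @{}
foreach ($node in $config.configuration.appSettings.add) { $settings[$node.key] = $node.value }

$issuerId = $settings["IssuerId"]
$pfxPath  = $settings["ClientSigningCertificatePath"]
$pfxPwd   = $settings["ClientSigningCertificatePassword"]
$clientId = $settings["ClientId"]

$problems = @()

# IssuerId must be a lowercase GUID: SharePoint matches the token's "iss" claim as a string
if ($issuerId -cnotmatch '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$') {
    $problems += "IssuerId '$issuerId' is not a lowercase GUID"
}
if ($clientId -notmatch '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$') {
    $problems += "ClientId '$clientId' is not a GUID from appregnew.aspx"
}

# The PFX must open with the configured password and must carry the private key
$pfx = $null
try {
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPwd)
    if (-not $pfx.HasPrivateKey) { $problems += "PFX has no private key, so tokens cannot be signed" }
} catch {
    $problems += "Cannot open PFX '$pfxPath': $($_.Exception.Message)"
}

# SharePoint must trust the same certificate under the same issuer name
$realm    = Get-SPAuthenticationRealm
$expected = "$issuerId@$realm"
$issuer   = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.RegisteredIssuerName -eq $expected }
if (-not $issuer) {
    $problems += "No trusted security token issuer is registered as '$expected'"
} elseif ($pfx -and $issuer.SigningCertificate.Thumbprint -ne $pfx.Thumbprint) {
    $problems += "Registered issuer thumbprint $($issuer.SigningCertificate.Thumbprint) differs from PFX thumbprint $($pfx.Thumbprint)"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
"Web.config, PFX and SharePoint trusted issuer are consistent."
```

If the issuer lookup fails right after registration, remember that the trusted issuer cache refreshes only every 24 hours unless IIS is reset on the SharePoint server.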


9. Host the MVC application in IIS
1. IIS --> Sites --> Add Website: set the physical path, host header www.xyz.com and port 8443 (HTTPS).
2. Change the application pool identity to your admin user (the pool only needs read access to the PFX file and the site folder, so a dedicated low-privilege service account is the safer choice).
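The IIS part of step 9 scripted, as an added example (not from the original page), with a dedicated service account instead of an admin user and only read access on the PFX granted to it. Site name, paths and the account name are assumptions; the certificate is the one created in LocalMachine\My earlier.

```powershell
# Added example (not from the original page): host the MVC remote web on
# https://www.xyz.com:8443 with a least-privilege app pool. Run elevated on the web server.
Import-Module WebAdministration

$siteName   = "HighTrustWeb"                      # assumed
$sitePath   = "C:\inetpub\wwwroot\HighTrustWeb"   # assumed
$hostHeader = "www.xyz.com"
$port       = 8443
$pfxPath    = "C:\CERT\HighTrustDemo.pfx"         # assumed
$svcUser    = "gdpr\svc-hightrust"                # assumed dedicated service account
$svcPwd     = Read-Host "Password for $svcUser"

# Local name resolution for the test host name (the hosts-file note above)
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
if (-not (Select-String -Path $hostsFile -Pattern "\s$hostHeader\s*$" -Quiet)) {
    Add-Content -Path $hostsFile -Value "127.0.0.1`t$hostHeader"
}

# Dedicated app pool running as the service account (identityType 3 = SpecificUser)
if (-not (Test-Path "IIS:\AppPools\$siteName")) { New-WebAppPool -Name $siteName | Out-Null }
Set-ItemProperty "IIS:\AppPools\$siteName" -Name processModel `
    -Value @{ identityType = 3; userName = $svcUser; password = $svcPwd }

# HTTPS site on 8443 with a host header that differs from the SharePoint host header
New-Item -ItemType Directory -Path $sitePath -Force | Out-Null
New-Website -Name $siteName -PhysicalPath $sitePath -ApplicationPool $siteName `
    -Port $port -HostHeader $hostHeader -Ssl | Out-Null

# Bind the certificate created earlier (CN matches the host header) to the port
$cert = Get-ChildItem cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$hostHeader" } | Select-Object -First 1
if (-not $cert) { throw "No certificate with CN=$hostHeader in LocalMachine\My" }
New-Item "IIS:\SslBindings\0.0.0.0!$port" -Value $cert | Out-Null

# The app pool only needs to READ the PFX (TokenHelper loads it from ClientSigningCertificatePath)
$acl  = Get-Acl $pfxPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($svcUser, "Read", "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $pfxPath -AclObject $acl
```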

10. In Visual Studio, package the app with the Client ID and the URL https://www.xyz.com:8443/

11. Upload the *.app file to the App Catalog.

Note:
1. The SharePoint web application and the MVC application must not use the same host header.

