Provider Hosted Apps - OOTB big limitation

Posted on 6/21/2013 @ 12:36 PM in #SharePoint by | Feedback | 4200 views

Provider Hosted apps are pretty sweet huh? I don’t like SharePoint hosted apps for the reasons detailed here. Why do I like provider hosted apps?

  1. Upgrades are sweet – I can use all the good practices used by my ASP.NET bretheren.
  2. TDD is sweet - – I can use all the good practices used by my ASP.NET sisteren.
  3. I can use server side code, which means, I can do things that are similar to timer jobs
  4. This server side code can be web services also, opening SP apps to a lot more flexibility.
  5. I can do on the fly permissions
  6. I can do app only permissions.

And, as much as we may have our head in the clouds lately, the reality is, 99.99% of the organizations out there, when they roll out SharePoint 2013, they will not use Autohosted apps and office 365. They will use on-premises provider hosted apps. And as of now, they will use it with S2S trust. Hopefully at some point Microsoft will roll out the guidance for on-prem OAuth2, but if they create a dependency on Azure ACS (which they most probably will), I think most orgs will continue to use S2S trust until there is a better solution.

And while I’m at it, WSPs are not deprecated or dead. Seriously, get your head out of this appsh!t, apps are not the be-all/end-all, you will still write WSPs in 2013 projects. That’s all there is to it.

So, anyway, there is a huge limitation of provider hosted apps.

You know you can make cross domain calls to SharePoint using either JavaScript or Server side code right? Well, not simultaneously.

An app has to choose, if it will make use of JavaScript based calls to SharePoint, or Server side calls to SharePoint.

Oh seriously? Yes! And this is by design. As I see it, if you want to use JavaScript, you have to dumb down your provider hosted app to a SharePoint hosted app (basically loose half the advantages above).

Fortunately, there is a way around this problem .. which is what my codeplex project is all about .. (next blogpost).

Sound off but keep it civil:

Older comments..