I don’t know why you’d use SharePoint hosted apps. Beyond the obvious limitation of not being able to use any server side code and AppWebs being quite limited, there are two huge big deal issues I see with SharePoint hosted apps,
- The upgrade story of SharePoint hosted apps, specifically AppWebs, is awful. The AppWeb gets reprovisioned everytime you reinstall/upgrade the App. You can of course write remote event receivers to record the state of the AppWeb, and all Client WebParts, and save that information somewhere else. But if you’re going through all that complexity, why not just write a provider hosted app?
- Perhaps a more sinister limitation of SharePoint hosted apps is, they cannot work with FBA, or any kind of SAML auth, including ADFS. They only work with Windows Identities. You may say, provider hosted apps can also not work with claims OOTB, well yeah! But you can extend the TokenHelper.cs class to work with claims. With SharePoint hosted apps, you’re completely outta luck. Well not quite, you could technically write an STS that supports wildcard realms .. I’ll write one at some point .. but for now, I just steer clear of SharePoint hosted apps. For all practical purposes, I see them as “demo code” only.
There is a codeplex project that I am going to publish by end of day today that solves this problem though. Link to codeplex project,