SharePoint hosted apps, are terrible

Posted on 6/21/2013 @ 2:55 PM in #SharePoint by | Feedback | 5228 views

I don’t know why you’d use SharePoint hosted apps. Beyond the obvious limitation of not being able to use any server side code and AppWebs being quite limited, there are two huge big deal issues I see with SharePoint hosted apps,

  • The upgrade story of SharePoint hosted apps, specifically AppWebs, is awful. The AppWeb gets reprovisioned everytime you reinstall/upgrade the App. You can of course write remote event receivers to record the state of the AppWeb, and all Client WebParts, and save that information somewhere else. But if you’re going through all that complexity, why not just write a provider hosted app?
  • Perhaps a more sinister limitation of SharePoint hosted apps is, they cannot work with FBA, or any kind of SAML auth, including ADFS. They only work with Windows Identities. You may say, provider hosted apps can also not work with claims OOTB, well yeah! But you can extend the TokenHelper.cs class to work with claims. With SharePoint hosted apps, you’re completely outta luck. Well not quite, you could technically write an STS that supports wildcard realms .. I’ll write one at some point .. but for now, I just steer clear of SharePoint hosted apps. For all practical purposes, I see them as “demo code” only.

But this means, we have another huge issue, You see, provider hosted apps, if they wish to use cross-domain javascript, they must provision an AppWeb (as detailed here). This means, OOTB at least, provider hosted apps, using any authentication other than windows claims, cannot make use of client side JavaScript.

There is a codeplex project that I am going to publish by end of day today that solves this problem though. Link to codeplex project,

Sound off but keep it civil:

Older comments..