Thursday, 28 February 2013

Create a high-trust provider hosted app for SharePoint 2013

In my current assignment, I had to create a provider hosted app. I spent about a day reading different guides online, but none provided me with a working solution. I finally got it up and running and I thought I should share it.

I'm running both SharePoint and the provider hosted web application on the same server.

Create certificate 

First, you need an X.509 certificate with a public and private key pair. The public key is used to register a trusted security token issuer in SharePoint and the private key is used to secure the remote web application.

I wrote a PowerShell script (Make-Cert.ps1) to help create the certificate and install it in IIS. It accepts the following parameters:
  • Domain: The URL of the provider hosted web application, e.g. www.contoso.com.
  • OutputDir: The folder where the certificates are created.
  • Password: The password for the private certificate.

Create IIS app web

Create a new web site in IIS and bind it to SSL with the newly created certificate. This is where you will deploy your provider hosted app.

Click on the newly created web site and double click the IIS Authentication icon.
Disable Anonymous Authentication and enable Windows Authentication.

Configure an S2S trust

You need to create a trust between SharePoint and the certificate used by the app. I wrote another PowerShell script (Configure-S2S.ps1) for this. The script accepts the following parameters:
  • publicCertPath: The full path to the *.cer file
  • spUrl: The URL of the SharePoint site where the app will be installed
  • trustName: A name for the trust
  • issuerId (not mandatory): You can use a pre-defined issuer ID, or leave it blank to have the script generate one for you.

Copy the issuer id from the script output.
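
The post does not include Configure-S2S.ps1, so the following is an added example, not the author's script: one way to register the trust with the standard SharePoint 2013 cmdlets, using the parameter names listed above. It assumes the certificate is registered as a trust broker (the post uses an issuer ID that is separate from the app's Client Id) and that it runs in the SharePoint Management Shell as a farm administrator.

```powershell
# Added example, not the post's Configure-S2S.ps1.
param(
    [Parameter(Mandatory = $true)][string]$publicCertPath,  # full path to the *.cer file
    [Parameter(Mandatory = $true)][string]$spUrl,           # site where the app will be installed
    [Parameter(Mandatory = $true)][string]$trustName,       # name for the trust
    [string]$issuerId                                       # optional; generated when blank
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ErrorActionPreference = 'Stop'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath)

# Only the public certificate belongs on the SharePoint side of the trust;
# the private key stays with the remote web application.
if ($cert.HasPrivateKey) { throw "Expected a public-key-only .cer file." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# The issuer ID must be a GUID. Casting validates a supplied value, and
# Guid.ToString() emits the lowercase form used in the registered issuer name.
if (-not $issuerId) {
    $issuerId = [guid]::NewGuid().ToString()
} else {
    $issuerId = ([guid]$issuerId).ToString()
}

# Refuse to register a second issuer under the same name.
if (Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $trustName }) {
    throw "A trusted security token issuer named '$trustName' already exists."
}

$site  = Get-SPSite $spUrl
$realm = Get-SPAuthenticationRealm -ServiceContext $site
$registeredIssuerName = '{0}@{1}' -f $issuerId, $realm

# Trust the certificate, then register it as a token issuer for the realm.
New-SPTrustedRootAuthority -Name $trustName -Certificate $cert | Out-Null
New-SPTrustedSecurityTokenIssuer -Name $trustName -Certificate $cert `
    -RegisteredIssuerName $registeredIssuerName -IsTrustBroker | Out-Null
$site.Dispose()

# Values to carry into the Visual Studio wizard and to record for later audit.
Write-Output "Issuer ID:  $issuerId"
Write-Output "Thumbprint: $($cert.Thumbprint)"
Write-Output "Expires:    $($cert.NotAfter)"
# Microsoft's high-trust guidance runs iisreset afterwards so the issuer is picked up immediately.
```

Because a trust broker certificate can sign tokens for any app that uses this issuer ID, record the thumbprint and expiry, and remove the issuer with Remove-SPTrustedSecurityTokenIssuer when the certificate is retired.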

Register your provider hosted app

Go to http://<your sharepoint site>/_layouts/15/appregnew.aspx
  •  Generate App Id and Secret
  •  Title: Enter the name of your app
  •  App Domain: The app domain registered in your app service. Get the URL from http://<central admin>/_admin/ConfigureAppSettings.aspx
  •  Redirect URL: The URL of the first page of your app (https://www.myiissite.com/pages/default.aspx)
Copy the output from the page.

Create a new provider hosted app

Open Visual Studio 2012 and create a new App for SharePoint 2013 project.

The name of the app should be the same as the one you entered in appregnew.aspx

Password: The password provided in Make-Cert.ps1
Issuer ID: From the Configure-S2S.ps1 output

Open web.config in the TestAppWeb project and update the following app setting keys:
  •  ClientId: The guid generated in appregnew.aspx
  •  ClientSecret: The secret generated in appregnew.aspx
Right click the SharePoint project and select Publish:
Give the profile a name and click Next


Copy the Client Id and Secret from the output from appregnew.aspx
Click Next and Finish

Deploy your provider hosted app

Go to the generated package
Open *.Web.SetParameters.xml in Notepad.
Update the IIS Web Application Name to the name of your web site (as shown in IIS Manager)
Open a command prompt and run the *.Web.deploy.cmd script with the switch /Y
This will deploy all the resources to your web site.
Upload the *.app file to your app catalog.
Add the app to your site.