11. Hierarchical list of navigation nodes
Static sort order
Scoped to current site collection
Custom properties enable extensibility
12. Vertical breadcrumb hidden in
2013/SPO
Cannot navigate across site collection
boundaries
Basic functionality restored with
master page edit + JavaScript
Advanced functionality requires
custom code
13.
14.
15. Content Query Web Part (XSLT)
App Part
CSOM: No Cross-List Query
CSOM: LINQ to Objects != LINQ to SharePoint
Social API’s
16. Content Search Web Part
Managed Properties
Result Relevancy
Display Templates
Search API’s
17. Write Once, Read Many
In-Place Catalogs
Search Components and API’s
CSOM
REST
18.
19.
20. Collection of branding assets (files)
HTML (.master), CSS, Image (.preview),
related artifacts
Beware of inheritance issues and
feature dependencies
Sandbox
Easy
App
Challenging
21. Create design in UI
Export to WSP
Customize WSP
Sandbox
Easy
App
N/A
25. Open standard for app integration
and authorization
Authentication independent
“Valet Key”
• Access
• Permissions
26.
27. 1
User requests access
App requests
Request Token
App builds auth link
w/ Request Token
2
Provider returns
Request Token
User requests URL +
Request Token
Provider returns
access token
3
User requests URL +
Access Token
App validates access
token
User granted
access
User
Access token
validated
App
Provider
28. Provides integration without multiple
logins
Enables server to server operations on
behalf of users
Establishes trust relationships between
diverse components
Supports the App Model
29. Identity Provider
Security Token Service
Manages identity information for principals (STS)
Handles requests for trusted identity claims
Identity Token Issuer
Identity provider associated with a web application
Security Token Issuer
Trusted resource (farm, server, etc.)
Metadata Endpoint
Resource information and signing certificate (JSON)
Request Token
Used to request permission to protected resource
Access Token
Used by App to access resource on behalf of user
Realm
Azure ACS
Operation scope for authorization
Cloud-based security token service (IP-STS)
30. User browses to app
SP gets request token from ACS
SP sends request tokens to browser
Browser POSTS request token to app
App requests access token from ACS
ACS provides access token
App establishes context
31. Get POST parameters from SP
Parse out Context Token
Read and validate context token
Get access token
Get client context from SP with access token
39. HTTP-based web service architecture that uses nouns
and verbs to define operations
Noun: “Items”
Verbs: GET, POST, PUT, DELETE
OData provides metadata, object typing and query
semantics for underlying data structure (WCF data
services)
/items(0)
Client Object Model service (client.svc) processes
queries, interacts with server OM, returns formatted
response (JSON, XML)
/items/GetByTitle(‘foo’)