Preparing the SharePoint Add-in Infrastructure (v 1.4)

Setting up SharePoint for provider-hosted add-ins is described in TechNet:


The following points provide a high-level summary of what points are to be checked. Please refer to the TechNet documentation for details.


Check that the following services and service applications exists in the Central Administration:

  • App Management Services
  • Microsoft SharePoint Foundation Subscription Settings Service
  • App Management Service Application
  • Subscription Settings Service Application
  • User Profile Service Application
    • at least one profile must exist

Check DNS configuration:

  • Forward lookup zone is necessary for app domain
  • Wildcard add-in URLs must resolve to the right SharePoint server
    • subject alternative names are necessary as well for the app domain (Wildcard, i.e. *.<app domain>) as for the SharePoint web applications
    • you can check this by pinging one of your (possible) add-in URLs
    • e.g. "ping"
  • a "catch all" web application that has no explicit host name configured

Check App URL Configuration in the Central Administration:

  • Configure correct app URL and app prefix

Image 1: Sample configuration of app URL and prefix (click to enlarge)


Check app catalog existence and access:

  • create app catalog if none exists
  • grant permissions to app catalog (Everyone -> Read)

Image 2: Give read permissions for App Catalog to everyone (click to enlarge)


Remember permissions:

  • add-ins with site collection permissions must be added by a site collection administrator

Check HTTPS setup:


Prepare to acquire an SSL certificate for server authentication for multiple domains (SAN certificate). It must contain the SharePoint domain(s) as well as the wildcard app domain (as mentioned above), for example:

  • DNS-Name=spcon-tua-sp2016.communardo.local
  • DNS-Name=my-tua-sp2016.communardo.local
  • DNS-Name=*.app-csi-sp2016.communardo.local
  • DNS-Name=spcon-tua-sp2016
  • SharePoint must run on HTTPS
  • Alternate Access Mappings must correctly map external URLs to HTTPS
    • example configuration:
      example configuration for Alternate Access Mappings mapping external URLs to HTTPS
    • pages with SharePoint Connector web parts must be accessible using the https scheme
  • Certificates must be valid
  • A wildcard certificate must be used for the add-in URLs


Back to Top