Preparing the SharePoint Add-in Infrastructure (v 1.4)
- Michael Böhm (Deactivated)
Setting up SharePoint for provider-hosted add-ins is described in TechNet:
The following points provide a high-level summary of what points are to be checked. Please refer to the TechNet documentation for details.
Check that the following services and service applications exists in the Central Administration:
- App Management Services
- Microsoft SharePoint Foundation Subscription Settings Service
- App Management Service Application
- Subscription Settings Service Application
- User Profile Service Application
- at least one profile must exist
Check DNS configuration:
- Forward lookup zone is necessary for app domain
- Wildcard add-in URLs must resolve to the right SharePoint server
- subject alternative names are necessary as well for the app domain (Wildcard, i.e. *.<app domain>) as for the SharePoint web applications
- you can check this by pinging one of your (possible) add-in URLs
- e.g. "ping appcsi-1bc9e8a79b58af.app-csi-sp2016.communardo.local"
- subject alternative names are necessary as well for the app domain (Wildcard, i.e. *.<app domain>) as for the SharePoint web applications
- a "catch all" web application that has no explicit host name configured
Check App URL Configuration in the Central Administration:
- Configure correct app URL and app prefix
Image 1: Sample configuration of app URL and prefix (click to enlarge)
Check app catalog existence and access:
- create app catalog if none exists
- grant permissions to app catalog (Everyone -> Read)
Image 2: Give read permissions for App Catalog to everyone (click to enlarge)
Remember permissions:
- add-ins with site collection permissions must be added by a site collection administrator
Check HTTPS setup:
Certificate
Prepare to acquire an SSL certificate for server authentication for multiple domains (SAN certificate). It must contain the SharePoint domain(s) as well as the wildcard app domain (as mentioned above), for example:
- DNS-Name=spcon-tua-sp2016.communardo.local
- DNS-Name=my-tua-sp2016.communardo.local
- DNS-Name=*.app-csi-sp2016.communardo.local
- DNS-Name=spcon-tua-sp2016
- SharePoint must run on HTTPS
- Alternate Access Mappings must correctly map external URLs to HTTPS
- example configuration:
- pages with SharePoint Connector web parts must be accessible using the https scheme
- example configuration:
- Certificates must be valid
- A wildcard certificate must be used for the add-in URLs