In my previous blog I have explain about how to configure your on premise 2013 SharePoint for App modal deployments. In this blog I will write about how to create a provider hosted app and publish it on SharePoint.  I will explain the steps consider SharePoint for Production environment.

Pre Requisite:

SharePoint 2013 is installed.  Https web application is already created on port 443 (or any port for simplicity I am taking default 443 port in this article). SharePoint is configured to support App Modal for reference see:

 

Steps:

Step 1: To setup an app catalog for a web application

1. Browse to the Central Administration Site (Start > All Programs > Microsoft SharePoint 2013 Products > SharePoint 2013 Central Administration)
2. In the left task pane, choose Apps.
3. On the Apps page, under App Management, choose Manage App Catalog.
4. On the Manage App Catalog page, make sure you have the right web application selected in the Web Application Selector.
5. Choose View site settings.
6. On the Site Settings page, choose Site collection administrators to specify the site collection administrators, and then choose OK.
7. To grant site permissions to users, choose Site Permissions, and then choose Grant Permissions.
8. In the Share ‘App Catalog Site’ dialog box, specify one or more site users, set the appropriate permissions for them, optionally set other options, and then choose Share.
9. To add apps to the apps for Office app catalog, choose Apps for Office.

 

Step 2: Obtain Client Id and Secret from SharePoint

 

To obtain Client Id and Secret Navigate to

<AppCatalogURL>/_layouts/15/appregnew.aspx

The below page will open. 

 

Generate Client ID, Generate Secret Id, and Title for your App, App Domain (this must be domain of IIS web site for your App Server) and Redirect URL: This must be default page URL of your App.  Make sure to save this information somewhere as we will be needing this from time to time.

 

Step 3: Create High Trust for App

To work with Provider Hosted App we need to create a high trust between the App Server and SharePoint.

To Create the High Trust Copy the below PowerShell Command in PS1 file and run it with the on SharePoint Management Shell 2013

To create a high trust between servers we require a certificate It can be a self-signed certificate or a domain certificate.

Pass the Client ID which is generated in step 2.

param(

    [Parameter(Mandatory)][String] $CertPath = $(throw "Usage: HighTrustConfig-ForSingleApp.ps1 -CertPath <full path to .cer file> -CertName <name of certificate> [-SPAppClientID <client ID of SharePoint app>] [-TokenIssuerFriendlyName <friendly name>]"),

    [Parameter(Mandatory)][String] $CertName,

    [Parameter(Mandatory)][String] $SPAppClientID,

    [Parameter()][String] $TokenIssuerFriendlyName

)

# Stop if there's an error

$ErrorActionPreference = "Stop"

 

# Ensure friendly name is short enough

if ($TokenIssuerFriendlyName.Length -gt 50)

{

    throw "-TokenIssuerFriendlyName must be unique name of no more than 50 characters."

}

 

# Get the certificate

$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)

 

 

# Make the certificate a trusted root authority in SharePoint

New-SPTrustedRootAuthority -Name $CertName -Certificate $certificate

 

# Get the GUID of the authentication realm

$realm = Get-SPAuthenticationRealm

 

# Must use the client ID as the specific issuer ID. Must be lower-case!

$specificIssuerId = New-Object System.String($SPAppClientID).ToLower()

 

# Create full issuer ID in the required format

$fullIssuerIdentifier = $specificIssuerId + '@' + $realm

 

# Create issuer name

if ($TokenIssuerFriendlyName.Length -ne 0)

{

    $tokenIssuerName = $TokenIssuerFriendlyName

}

else

{

    $tokenIssuerName = $specificIssuerId

}

 

# Register the token issuer

New-SPTrustedSecurityTokenIssuer -Name $tokenIssuerName -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier

 

Step 4: Add Root Authority

In case you have generated a domain certificate or your self-signed certificate as root certificates than you need to add all those certificates also as TrustedRootauthority in Sharepoint to do that you need to run the below powerShell Commands.

 

param(

    [Parameter(Mandatory)][String] $CertName = $(throw "Usage: AddSPRootAuthority.ps1 -CertPath <full path to .cer file> –CertName <name of certificate>"),

    [Parameter(Mandatory)][String] $CertPath

)

 

# Stop if there's an error

$ErrorActionPreference = "Stop"

 

# Make the certificate a trusted root authority in SharePoint

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)

New-SPTrustedRootAuthority -Name $CertName -Certificate $cert

 

Step 5: Configure App Principal

You need to configure App Principal on SharePoint site on which you want to Install your App. To clarify this is not the Catalog url else it is Url of SharePoint Host web on which you want to use your app. To do this Run the following powershell commands

 

param(

    [Parameter(Mandatory)][String] $appDisplayName,

    [Parameter(Mandatory)][String] $clientID,

    [Parameter(Mandatory)][String] $targetSiteUrl

)

 

 $targetSite = Get-SPSite $targetSiteUrl

 

 $realm = Get-SPAuthenticationRealm -ServiceContext $targetSite

 

 $fullAppPrincipalIdentifier = $clientID + '@' + $realm

 

 Write-Host "Registering new app principal"

 

 $registeredAppPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppPrincipalIdentifier -Site $targetSite.RootWeb -DisplayName $AppDisplayName

 

 $registeredAppPrincipal | select * | Format-List

 

 $registeredAppPrincipal | select * | Format-List | Out-File -FilePath "Output.txt"

 

 Write-Host "Registration Completed"

 

Step 6: To create a high-trust app for SharePoint

1. In Visual Studio, choose File, New, Project.
2. In the New Project wizard, expand the Visual C# or Visual Basic node, and then expand the Office/SharePoint node.
3. Choose Apps, and then choose to create an App for SharePoint 2013 project.
4. Name the project HighTrustSampleApp.
5. Save the project in a location you choose, and then choose OK.
6. Select the Provider-hosted option, and then choose the Next button.
7. If you are prompted to specify the type of web project, select ASP.NET Web Forms Application for the continuing example in this topic, and then choose the Next button.
8. The Configure authentication settings page of the wizard opens. The values that you add to this form will be added to the web.config file automatically. Under How do you want your app to authenticate?choose Use a certificate.
9. Click the Browse button next to the Certificate location box and navigate to the location of the self-signed certificate (.pfx file) that you created (C:\Certs). The value of this field should be the full path C:\Certs\HighTrustSampleCert.pfx. (this is the certificate we used in step 3).
10. Type the password for this certificate in the Password box. In this case, it is "password".
11. Type the issuer ID (11111111-1111-1111-1111-111111111111) in the Issuer ID box. Issuer ID is Client ID.
12. Choose Finish. Much of the configuration is done when the solution opens. Two projects are created in the Visual Studio solution, one for the app for SharePoint and the other for the ASP.NET web application.

 

References: http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx

Step 7: Publish and Deploy

1: Deploy the web application

To open the Publish your app page

In Solution Explorer, open the shortcut menu for the app for SharePoint project, and then choose Publish.

The Publish your app page appears.

To select or create a profile

In the Current profile list, choose a profile to import, or choose <New …> to create a profile.

.

If you choose <New …>, the Create publishing profile wizard appears.

 

To deploy your web app project

On the Publish your app page, choose the Deploy your web project button.

The Publish Web dialog box appears.

On the Connection and Settings tabs, fill in any missing values.

To change how the files for your app for SharePoint are published or if the app uses an external database, choose the Settings tab. See the section "Configuring the Settings Tab" in How to: Deploy a Web Project using On-Click Publishing in Visual St....

To review what items will change when the web app is deployed, choose the Start Preview button on the Preview tab.

Choose the Publish button to deploy the web app project.

Step 2: Package the App

On the Publish your app page, choose the Package the app button.

The Publish apps for Office and SharePoint wizard appears.

In the Where is your website hosted? text box, enter the URL of the website that will host the content files of your app for SharePoint.

You must specify an address that starts with the "https" prefix. See Why do my apps have to be SSL-secured?.

In the What is the app's client ID? text box, the client ID that you entered in the publishing profile should already appear.

If you’ve used a placeholder value for the client ID until this point, you must add an actual client ID now. This information is embedded in the .app package and enables your web content to communicate with SharePoint on the live site.

Choose the Finish button.

Visual Studio generates the files that are needed to publish your app for SharePoint and then opens the publish output folder. For information about how to install the app, see Install and manage apps for SharePoint 2013.

Step 3: Publish your app for SharePoint

1. Go to App Catalog Site
2. Click on App for SharePoint.
3. Upload the App Package which is create in step 3

References: http://msdn.microsoft.com/en-us/library/office/jj220044(v=office.15).aspx

Step 8: Using APP

1. Go to site on which you want to use the app.
2. Click on site contents.
3. Add an App.
4. App from your organization. You will see your app there.
5. Click and deploy the app.
6. It will ask for trust. Trust it.
7. Now you will see the app in site contents.
8. Click on app and it will redirect to your App Server. And your app is working.