Step by step create provider hosted application using SP 2013

Step by step create provider hosted application using SP 2013

  • Comments 1
  • Likes

Hello Everyone,

As many of you are aware of newly introduced concept App model in SharePoint 2013.

For introduction and overview of SharePoint app model you can refer to this below article.

In this article I will show development and deployment steps of one of the hosting models in SharePoint app model i.e. Cloud hosted SharePoint app.

Apps in SharePoint

SharePoint 2013 app model has two types of hosting model.

a. SharePoint Hosted Application.

b. Auto Hosted Application.

c. Provider Hosted Application.

Let us concentrate on the Provider Hosted Application. The remaining, I am planning to write a separate article.

Provider Hosted Application

Provider hosted apps are also a part of cloud hosting model, where app can be hosted on any remote web platform such as IIS server. And these apps are made available on deploying it on cloud i.e. using SharePoint online O365 site, or windows azure in case of Auto hosting.

It interacts with SharePoint 2013 by using one of the SharePoint client object models or its REST/OData-based web service. Depending on the scenario it gains authorization to SharePoint data using either the SharePoint 2013 implementation of the OAuth standard or a JavaScript cross-domain library.

Here is how to create a basic provider-hosted app for SharePoint with the Office Developer Tools for Visual Studio 2012, how to interact with SharePoint 2013 sites by using the SharePoint CSOM, and how to implement OAuth in an app for SharePoint.

Prerequisite for building provider hosted app.

  • ·         Visual Studio 2012 installed on your developer computer.
  • ·         Office Developer Tools for Visual Studio 2012.

Microsoft Office Developer Tools for Visual Studio 2012 - RTM


Create and deploy a provider-hosted app for SharePoint solution

A provider-hosted app for SharePoint consists of both an app for SharePoint that is deployed directly to a SharePoint 2013 site and a separately deployed web application. If the provider-hosted web application is an ASP.NET web application, you can use the Office Developer Tools for Visual Studio 2012 to create both components of a provider-hosted app for SharePoint.


1)      Open the Visual Studio 2012 as Administrator


2)      Click New Project.


3)      Select the Template App for SharePoint 2013. Name the Project as SampleProderApp.

  4)      On the Creation of the Solution, Visual Studio will ask for the Site Collection against which we are going to deploy our app. And on the same screen, we need to choose the type of hosting which we are planning. In our case, it is going to be Provider Hosted Application.

 5)       On the selection of Provider Hosted, Click Next. The below screen will be asking the Authentication setting.


Configure SharePoint for low-trust Apps using ACS.

Low-trust Apps are those that use an authentication provider to act as a common authentication broker or trust broker between SharePoint and the App.  This will be Windows Azure Access Control Services (ACS), and as such will of course require an Office 365 subscription.

ACS is where SharePoint requests a context token that it can send to the location hosting the App. The App then uses the context token to request an access token from ACS. Once received, this is used by the App to talk back to SharePoint. Y ou can read more about the detail of the OAuth flow for low-trust Apps here:  OAuth authentication and authorization flow for cloud-hosted apps in SharePoint 2013.


6)      Now, the Solution has been created. The basic solution is as follows.



7)       Our solution will comprise of 2 projects.

a. App Project: This is going to be deployed on the SharePoint.

b. AppWeb Project : This is going to be the .Net Web Application. This application can be hosted on any IIS.

8)      I am using the IIS Express to host the application.

9)      Go to the AppManifest.xml in the App project. AppManifest file will be looking like this.


When you are using Visual Studio and the tools, you can use this (~remoteAppUrl) token for any provider-hosted app and it is resolved when Visual Studio packages the app.


10)   Go to Permissions Tab. Add the corresponding scope and the permissions as per the requirement.



11)   Now, we came to the final step of our provider hosted application creation. That is, we need to register our clientID with the SharePoint before deploying the app.

12)   ClientID is nothing but a GUID. But the only special thing about the ClientID is, it should be small case. i.e., something like 24576c92-961f-442b-a866-e612222cad36

13)   From our SharePoint site itself, go to the AppRegNew.aspx page. The page will present inside the layouts folder. The URL would be something like

14)   This entry in Web.config file shows ClientSecret and client id.


    <add key="ClientId" value="" />

    <add key="ClientSecret" value="NnEHNtSptui3ZF/ijWargTad5M26WKlx6mBvKcD55vQ=" />


The identity of an app, and its client secret, are stored in the Windows Azure Access Control Service (ACS), and the ACS is the authorization authority. When a user first grants an app permissions to access SharePoint 2013 resources on the user's behalf, SharePoint 2013 obtains information about the app from ACS. SharePoint 2013 then stores the basic information about the app in the app management shared service. The content database service and other components, such as the user profile service, can get the display name of an app and other basic information about the app directly from the app management shared service.

15)   Press F5 to deploy this app on the developer site.

16)   Login to the developer site and see in app catalog, this app will be hosted.

17)   Now you can refer the app from any pages from SharePoint farm.

In the next article I am planning to write a high trusted provider hosted app in SharePoint.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment