High-trust provider-host add-in for SharePoint 2013 on-premise

Reference 

https://dev.office.com/sharepoint/docs/sp-add-ins/create-high-trust-sharepoint-add-ins

https://dev.office.com/sharepoint/docs/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins

  1. Install & configure SharePoint 2013 on-premise (not include)
  2. Install & configure provider-hosted server
    • Window 2008 / 2012 with IIS and ASP.NET 3.5 / 4.5 
    • Web Deploy
  3. Use self-signed certificate for developing and replace it with domain-issued certificate or a commercial certificate issued by a Certificate Authority for PROD
  4. Create self-signed certificate in provider-hostoed server
    • Open IIS and highligh <Server name>
    • Double-click on Server Certificates in Feature View
    • Click on Create Self-signed certificate in Actions
    • Specify a name for certificate (HighTrustTest)
    • Keep certificate store to Personal
    • Click OK to finish
  5. Export pfx file
    • Back to Feature View
    • Right click on the certificate created in step 3 (HighTrustTest) and click Export
    • Choose a destionation folder for saving pfx file and provide passowrd
  6. Create cer file
    • Back to Feature View
    • Double-click on the certificate created in step 3 (HighTrustTest)
    • Click Cope to File in Details tab
    • Check "No, do not export the private key" in Export Private Key section
    • Check "DER encoded binary X.509 (.CER)" in Export File format section
  7. Config SharePoint to trust provider-hosted server
    • Copy .cer file to any server in SharePoint farm
    • Run below script wit PowerShell
    • $remoteCerPath= "C:\HighTrustTest.cer"
      $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($remoteCerPath)
      New-SPTrustedRootAuthority -Name "HighTrustTestCert" -Certificate $certificate
      
      $realm = Get-SPAuthenticationRealm
      
      $issuerId = [System.Guid]::NewGuid() ## write down IssueId, will be userd in next
      $issuerIdentifier = $issuerId.ToString() + '@' + $realm
      
      New-SPTrustedSecurityTokenIssuer -Name "High Trust Test Cert" -Certificate $certificate -RegisteredIssuerName $issuerIdentifier -IsTrustBroker
      
      IISReset

       

    • Set OAuth over HTTP
    • $serviceConfig = Get-SPSecurityTokenServiceConfig
      $serviceConfig.AllowOAuthOverHttp = $true
      $serviceConfig.Update()
posted @ 2017-06-22 16:36  一只小小菜鸟  阅读(202)  评论(0编辑  收藏  举报