I have followed different blogs, articles but I am still not able to get it to work.
I am doing this on a virtual machine.
I have a separate app domain. User profile service application with few profiles, app management service and subscription settings are already set up. I was also able to deploy SharePoint hosted apps. I also have the app catalog set up.
Here are the steps I have done.
1. Created a self signed certificate from IIS7.5 with password, exported the certificate. So basically I have a .pfx file and also .cer file.
2. I have disabled https requirement using
    $serviceConfig = Get-SPSecurityTokenServiceConfig
    $serviceConfig.AllowMetadataOverHttp = $true
    $serviceConfig.AllowOAuthOverHttp = $true
    $serviceConfig.Update()
3. Created a visual studio provider hosted app soln. Selected the above certificate in dialog and entered its password. For the IssuerId, I find different people mentioning different values to be put there.
a. Some people put the app id that is got by going to appregnew.aspx
b. Some put a random guid got through powershell
c. Some people get the client id from the web.config of the appweb and put it into the app id of the appregnew.aspx and also click create button. This is the only example where I have seen the person clicked on create button in appregnew.aspx and in all other examples people have asked to just note the app id down.
I tried all the above methods. Currently I am trying with option c above but I think this is wrong as every time I deploy with some code change it updates the web.config with a new client id.
4. I have put the client secret in the web.config of app web which was got from the Appregnew.aspx -> App Secret
5. I have seen two slightly different PowerShell scripts being used to register the Trusted Root authority. I have put them both and tried both.
a.
    $publicCertPath = "C:\HighTrustApp.cer"
    $IssuerName = "TestApp"
    $issuerId = [System.Guid]::NewGuid().ToString()
    $spurl = "http://10.7.8.161/sites/dev"
    $spweb = Get-SPWeb $spurl
    $realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
    $certificate = Get-PfxCertificate $publicCertPath
    New-SPTrustedRootAuthority -Name $IssuerName -Certificate $certificate
    $fullIssuerIdentifier = $issuerId + '@' + $realm
    $tokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $issuerId -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
    $appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullIssuerIdentifier -Site $spweb -DisplayName $IssuerName
    Set-SPAppPrincipalPermission -appPrincipal $appPrincipal -Site $spweb -Right "READ" -Scope "Site"
b.
    $publicCertPath = "C:\Certs\HighTrustSampleCert.cer"
    $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath)
    New-SPTrustedRootAuthority -Name "HighTrustSampleCert" -Certificate $certificate
    $realm = Get-SPAuthenticationRealm
    $specificIssuerId = "11111111-1111-1111-1111-111111111111"
    $fullIssuerIdentifier = $specificIssuerId + '@' + $realm
    New-SPTrustedSecurityTokenIssuer -Name "High Trust Sample Cert" -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
    iisreset
6. In the properties of the app web, I have set it to use local IIS for deployment and it is using .NET 4.5. I clicked on create virtual directory and went to the Authentication section in IIS for that app web and disabled all other authentication except Windows.
When I deploy the app and click on Trust it, it gives me 405 Not allowed. What am I doing wrong? I have been trying all the above combinations for a week and am frustrated that there is not one good article to refer to for on-premises deployment.
Also please answer the following
1. Do I need to use anything from appregnew.aspx? If so what and where? Should I click on create button?
2. If I need to click on Create button,
a. What should I enter for app domain? Some examples show to use the domain that was created for apps like apps.contoso.local, some examples show localhost:80, some other examples show the domain of the computer itself like contoso.com. Which one is right?
b. Can I enter anything for the title or should I match the provider hosted app name given during creation in Visual Studio
c. Should I give a redirect uri? What should its value be ?
3. Which PowerShell script is correct?
4. Do I need to update the client secret in the web.config of the app web and do I need to update the client id in app.manifest?