SharePoint Dragons

Interesting App gotcha: when Apps run under the App Only App Authorization Policy they run under the special SHAREPOINT\APP account. This only works for OAuth authenticated calls, and doesn’t work for some APIs that require the presence of a user context, such as the Search API.

We feel that most people would agree that the introduction of the SharePoint 2013 App model is the biggest architectural change in SharePoint 2013. We feel it’s a logical step and we have faith that eventually the App model will turn out fine, but we have our doubts how the APP model will work out initially. For now, these seem to be the biggest drawbacks of the App model:

• Apps can leverage a basic stylesheet of the referring SharePoint site, but for sure until so far the UI integration between Apps and SharePoint doesn’t look seamless at all. The Apps that are available right now from the SharePoint App Store seem to be struggling with this a lot. This is going to be a huge pain point, customers will expect integration to look naturally and for now it’s a big question mark if the tools provided to App developers allow them to deliver.
• Apps will need to rely heavily on JavaScript and asynchronous REST API calls/client OM calls to interact with the associated SharePoint context. Apps mostly built using JavaScript: we fear the code will become a huge spaghetti mess.
• Sahil Malik brings up an interesting point in http://www.dotnetrocks.com/default.aspx?showNum=794 , although App/SharePoint communication leverages OAuth, will it be safe? Sahil raises some serious doubts concerning the current implementation, and expects the burden of providing a secure solution will be placed on the shoulders of every App developer.
• After a SharePoint App has successfully obtained Full permissions, in principle there is nothing from stopping a vendor from modifying that web application to do something different (and evil?).
• The new App model brings a lot more cross-server communication with it. Will this impact the performance noticeably, will Apps be perceived as sluggish?

Andrew Connell has written this great blog post about doing advanced workflow debugging in SharePoint 2013 by leveraging the free HTTP traffic monitoring tool Fiddler. Using an HTTP monitoring tool for workflow debugging purposes makes a lot of sense for two reasons:

• SharePoint 2013 leverages Windows Azure Workflow (WAW) to provide SharePoint 2013 workflows. Both components communicate via HTTPS/SSL.
• SharePoint 2013 workflows are declarative and don’t allow developers to add custom code. Instead, developers have to either create custom actions or use the new HTTP workflow activities to call custom WCF services.

Because of these two reasons, the amount of HTTP traffic that happens under water when executing workflows increases dramatically. Hence, Fiddler becomes a useful workflow debugging tool. Check out the good stuff at: http://www.andrewconnell.com/blog/archive/2012/07/18/sharepoint-2013-workflow-advanced-workflow-debugging-with-fiddler.aspx.