SharePoint Dragons

Interesting App gotcha: when Apps run under the App Only App Authorization Policy they run under the special SHAREPOINT\APP account. This only works for OAuth authenticated calls, and doesn’t work for some APIs that require the presence of a user context, such as the Search API.

We feel that most people would agree that the introduction of the SharePoint 2013 App model is the biggest architectural change in SharePoint 2013. We feel it’s a logical step and we have faith that eventually the App model will turn out fine, but we have our doubts how the APP model will work out initially. For now, these seem to be the biggest drawbacks of the App model:

• Apps can leverage a basic stylesheet of the referring SharePoint site, but for sure until so far the UI integration between Apps and SharePoint doesn’t look seamless at all. The Apps that are available right now from the SharePoint App Store seem to be struggling with this a lot. This is going to be a huge pain point, customers will expect integration to look naturally and for now it’s a big question mark if the tools provided to App developers allow them to deliver.
• Apps will need to rely heavily on JavaScript and asynchronous REST API calls/client OM calls to interact with the associated SharePoint context. Apps mostly built using JavaScript: we fear the code will become a huge spaghetti mess.
• Sahil Malik brings up an interesting point in http://www.dotnetrocks.com/default.aspx?showNum=794 , although App/SharePoint communication leverages OAuth, will it be safe? Sahil raises some serious doubts concerning the current implementation, and expects the burden of providing a secure solution will be placed on the shoulders of every App developer.
• After a SharePoint App has successfully obtained Full permissions, in principle there is nothing from stopping a vendor from modifying that web application to do something different (and evil?).
• The new App model brings a lot more cross-server communication with it. Will this impact the performance noticeably, will Apps be perceived as sluggish?

Andrew Connell has written this great blog post about doing advanced workflow debugging in SharePoint 2013 by leveraging the free HTTP traffic monitoring tool Fiddler. Using an HTTP monitoring tool for workflow debugging purposes makes a lot of sense for two reasons:

• SharePoint 2013 leverages Windows Azure Workflow (WAW) to provide SharePoint 2013 workflows. Both components communicate via HTTPS/SSL.
• SharePoint 2013 workflows are declarative and don’t allow developers to add custom code. Instead, developers have to either create custom actions or use the new HTTP workflow activities to call custom WCF services.

Because of these two reasons, the amount of HTTP traffic that happens under water when executing workflows increases dramatically. Hence, Fiddler becomes a useful workflow debugging tool. Check out the good stuff at: http://www.andrewconnell.com/blog/archive/2012/07/18/sharepoint-2013-workflow-advanced-workflow-debugging-with-fiddler.aspx.

It’s a remarkable move that InfoPath forms are no longer used in workflows. InfoPath in combination with Forms Services is a great platform that makes it quite easy to create robust and nice looking web forms. We’ve found that one of the places where InfoPath really shines was within SharePoint workflows. InfoPath forms are rendered to HTML by Forms Services, running as a service within your SharePoint farm. To us, this is just another example of the clear trend where Microsoft tries to move custom code outside of your SharePoint environment.

Loops have been a much requested feature for SharePoint Designer that has been added in v2013. We have seen lots of developers and power users asking for it. In SharePoint 2010, workflow Loops where only available in Visual Studio 2010 as it was considered too dangerous to hand the power of Loops and its possible disastrous side-effects to power users. One misconstrued infinite loop in a custom workflow could have a definite impact on SharePoint farm performance. Now, since SharePoint 2013 workflows run outside the SharePoint farm (in Windows Azure Workflow, WAW), such risks are considered to be acceptable. As a side note and recurring trend: again the SharePoint 2013 platform does its best to take all code out of the farm.