SharePoint Dragons

It certainly seems to be true that the tone of voice in SharePoint 2013 is pretty upbeat, not only when compared with previous versions, but in general. Already, the “working on it” feedback you get when SharePoint is busy has become something of a catch phrase amongst SharePoint devs and admins. It’s a great thing, whenever someone comes up to you and asks you’ve finished something, you can just look up and reply: working on it!

We’ve witnessed another nice example of this upbeat tone when we finished completing toe configuration of the App environment which allows end users to install SharePoint Store Apps, see http://technet.microsoft.com/en-us/library/fp161236(v=office.15) if you want to know how to do that.

Of course, after configuring the App environment, we immediately tried to install one of the SharePoint Store Apps and this is what we got: “Everything is fine, but we had a small problem getting your license. Please go back to the SharePoint Store to get this app again and you won’t be charged for it.”

We appreciate the positivity of the message, but in fact things are not fine and this problem doesn’t get away over time. The message probably means you’re trying to add Apps using the SharePoint System Account, which we found out is not allowed by design as importing App licenses under this account could lead to performance problems (we’re wondering why?) as stated at http://technet.microsoft.com/en-us/library/fp161231(v=office.15).aspx .

So instead, you need to use a regular user account to install Apps. It’s not as easy to sign in as a different user account as it used to be. In SharePoint 2013, the quick shortcut Sign in as Different User is missing, so one thing you can do is go to Start > click Shift + Internet Explorer and choose Run as Different User to run the browser in a different user context. We found that that’s not even enough, because now the SharePoint Store has trouble detecting language settings, so you need to actually log in as a different user. After that, adding Apps from the SharePoint Store should work fine.

Interesting App gotcha: when Apps run under the App Only App Authorization Policy they run under the special SHAREPOINT\APP account. This only works for OAuth authenticated calls, and doesn’t work for some APIs that require the presence of a user context, such as the Search API.

We feel that most people would agree that the introduction of the SharePoint 2013 App model is the biggest architectural change in SharePoint 2013. We feel it’s a logical step and we have faith that eventually the App model will turn out fine, but we have our doubts how the APP model will work out initially. For now, these seem to be the biggest drawbacks of the App model:

• Apps can leverage a basic stylesheet of the referring SharePoint site, but for sure until so far the UI integration between Apps and SharePoint doesn’t look seamless at all. The Apps that are available right now from the SharePoint App Store seem to be struggling with this a lot. This is going to be a huge pain point, customers will expect integration to look naturally and for now it’s a big question mark if the tools provided to App developers allow them to deliver.
• Apps will need to rely heavily on JavaScript and asynchronous REST API calls/client OM calls to interact with the associated SharePoint context. Apps mostly built using JavaScript: we fear the code will become a huge spaghetti mess.
• Sahil Malik brings up an interesting point in http://www.dotnetrocks.com/default.aspx?showNum=794 , although App/SharePoint communication leverages OAuth, will it be safe? Sahil raises some serious doubts concerning the current implementation, and expects the burden of providing a secure solution will be placed on the shoulders of every App developer.
• After a SharePoint App has successfully obtained Full permissions, in principle there is nothing from stopping a vendor from modifying that web application to do something different (and evil?).
• The new App model brings a lot more cross-server communication with it. Will this impact the performance noticeably, will Apps be perceived as sluggish?

Andrew Connell has written this great blog post about doing advanced workflow debugging in SharePoint 2013 by leveraging the free HTTP traffic monitoring tool Fiddler. Using an HTTP monitoring tool for workflow debugging purposes makes a lot of sense for two reasons:

• SharePoint 2013 leverages Windows Azure Workflow (WAW) to provide SharePoint 2013 workflows. Both components communicate via HTTPS/SSL.
• SharePoint 2013 workflows are declarative and don’t allow developers to add custom code. Instead, developers have to either create custom actions or use the new HTTP workflow activities to call custom WCF services.

Because of these two reasons, the amount of HTTP traffic that happens under water when executing workflows increases dramatically. Hence, Fiddler becomes a useful workflow debugging tool. Check out the good stuff at: http://www.andrewconnell.com/blog/archive/2012/07/18/sharepoint-2013-workflow-advanced-workflow-debugging-with-fiddler.aspx.