SharePoint App, Custom Domain and free SSL certificate

25 Mar 2017
March 25, 2017

Recently I created lots of SharePoint provider hosted apps for several customers – most of them very simple apps to register a remote event receiver or send emails. But a few of them were complex business apps that used the integration options for SharePoint but stood almost separately as websites running on Azure. The first apps we created had the name <app>.azurewebsites.net – and for some customers that looked so odd that they opened tickets and asked for confirmation if the apps are legit. And that makes perfect sense because everybody could create a website and call it superlegitcustomerapp.azurewebsite.net, right? So in this blog post I will show you how to run an app on a custom domain with a free SSL certificate.

For this article I assume that you have your SharePoint App up and running on Azure – and I assume that you have a domain to use.

Register the custom domain on Azure

3 easy steps to register a new hostname

First things first – tell the azure website that it will have a new hostname to respond to. Therefore go to the azure portal, open your website and click on “custom domain”. Then add your domain or subdomain that should be the new entry point of your app. Once you have done that, you need to validate the websites by adding a txt record to your nameserver with the value * mapped to .azurewebsites.net – full guide is here.

domain validation via nameserver entry. The @ symbol was not allowed, but with * it worked.

After validation was successfully it should look like that:

new entry was added successfully

For the custom domain you need at least a shared instance tier for your azure website.

New name – new problems

Ok, now we have setup the new hostname and we can open up the site with that – but that creates some problems:

  1. The app registration (/_layouts/15/appregnew.aspx) needs to be updated
  2. The app manifest and the app points to the old site
  3. There is no SSL certificate for the new name

1 & 2 are easy solvable: Open the app in Visual Studio, change the app domain, upload it to the app store, trust it and re-add it to your sites. But if you open the new app – you will either redirect to http:// and have all you traffic sent over an encrypted connection – or you send it to https:// and will be greated by a security warning in your browser because there is no SSL certificate present for your new domain.

Free SSL certificate

In the past I heavily used free SSL certificates from StartCom because they were trusted in all browsers and were free for 1 year – but they lost trust in google chrome and firefox recently so that is no longer an option. Not using a ssl certificate is no option at all – business apps need security and trust – therefore I needed another option, preferably free so no long discussion with customers, CSRs and all that to request a certificate for your needs. I want easy.

Let’s encrypt for the rescue

There is a really great organization that provides free SSL certificates – Let’s Encrypt – and I use them for this blog with ease, too. So why not use them for my Azure websites? The let’s encrypt certificates only lasts 3 months and should be renewed automatically (way better than certificates that lasts 1 year and have to be renewed manually…) – so there should be some sort of integration right into the azure websites for that – and there is! Thanks to the awesome work of Simon J.K. Pedersen there is a Azure Website Extension for Let’s Encrypt.

The installation was really straightforward for me and is well documented here – I added the extension (choose the correct version for 32 or 64bit!), register a new service principal and give it contribute permissions – open the extension site https://.scm.azurewebsites.net/letsencrypt/ and enter all the required values:

Once you save it the magic happens – two webjobs will be registered that request a new certificate, register them and two weeks before expiry renew them automatically for you. Awesomesauce!

For the custom ssl certificate you need at least a basic app service plan.

Summary

So once you have done all that you will have a nice domain for your app – giving your users trust and easy to recall entry to your business application – and all that is free with zero maintenance. And all your browsers love it, too:

trusted in Google Chrome

trusted in IE11

 

So if you create a new app – register the domain first, follow the guide above and you are good to go – the secure way: customer happy, developer happy, security guy happy! 🙂

 

 

 

My notes: SharePoint Saturday Munich 2017 #SPSMUC

04 Mar 2017
March 4, 2017

So this was my inaugural SharePoint Saturday in my hometown Munich – the last time I couldn’t attend – and now I am fully thrilled to be part of the greatest and latest SharePoint community event in Munich – and maybe even in Germany.

Hosted directly in the Microsoft headquarter in Munich (awesome office!) – with more than 400 attendees this will be fun!

1/4 of the agenda – right next to each session room.

My agenda and some brief notes are below – the full agenda and the list of awesome speakers is here.

#SPSMUC00: Keynote: SharePoint Futures – Field and Engineering Perspective – Aligned or Different?

with Eric Shupps(@eshupps) and Veza Juvonen (@vesajuvonen)

I was not in the same room as the two speakers because of room capacities – and I watched (better listened) to the keynote that has been broadcasted to two other rooms. It was a different experience for me because it was hard to follow some of the jokes without seeing what is going on the stage – but it was still fun 🙂

It almost felt like Veza and Eric did a good cop, bad cop theme what is good and bad about SharePoint and Office 365 as of now – there is lot to come, many internal changes of how things will be

#SPSMUC01: The key to a successful Office 365 implementation is adoption

by Jasper Osterveld(@jasoosterveld)

Adoption is key! Jasper gave some really great tips that will definitely be considered in my company for my customers! The room was quite packed, more than 75 people in the room – awesome!

Launch card, launch video and launch party: Well, that’s a cool starting point to promote the new technology, the options and possibilities – what sounds easy for all of us, might not be for some others. So be honest about what the new tech can do for you and be integrative.

Well, what could be worse of a great portal and nobody uses it, right? So I will keep lots of those tips and tricks in mind!

Office 365 adoption session – very fun to watch!

#SPSMUC03: Pushing the Boundaries – A Deep-Dive into Real-World SharePoint Add-In

by Eric Shupps(@eshupps)

Eric shared a lot of his experiences with apps – from expiring tokens, to expiring apps – and where can host your apps. All those options come with different possibilities (!!!) , but great overview to get started.

Apps on Azure

Provider Hosted Apps

You don’t control the costs

Well, that quote is perfectly describing the situation of many devs – I had a customer project that was stuck for months because nobody was able to create a Azure SQL database (4€/month!) because nobody was defined to provision and in the end pay for the database…

Eric showed a nice demo from Office PnP about throttling and REST – cool stuff, need to check it.

Another one: Think and play through the removal of your app – there are some missing pieces.

If you don’t wanna sleep at night – build your own provisioning engine!

Apparently there was no applause for that brilliant quote – but he is sooooooo right!

Cool stuff – great session – Eric can definitely talk faster than I can take notes 🙂

#SPSMUC22: SharePoint Patching demystified

by Stefan Goßner (@stefan_gossner)

Whops, I missed that one because I talk too much – hopefully I find his slides online to get demystified, too!

#SPSMUC13: Level up with PowerApps and Microsoft Flow

by Mikael Svenson (@mikaelsvenson)

PowerApps – I absolutely love what I am seeing. Responsive, fast, slick design – the future of business forms is bright. For Power Users it could be tricky tho build everything that Mikael showed us. Even tho Mikael made building cascading drop down look easy!

Autocomplete for the control bindings, every InfoPath dev or PowerUser would love that – but lets focus on the future, right?

 

PowerApps and Flow – Mikael in action!

Full house!

Rename all the controls!

I see a lot of interesting projects that will use that in the future – SharePoint as business platform sounds familiar, right? Mikael’s slides are already available here.

Good session, I had good fun!

#SPSMUC17: Implementing SharePoint hybrid search, start to finish

by Thomas Vochten (@ThomasVochten)

Search Search Search – I just cant get enough of it. I gave a similar talk in Brussels last year, but its of course totally interesting how Thomas presents that topic, whats important for him and then of course “steal” all the good parts 🙂

Thomas gave a very concise overview of the search architecture and the options – and then compared the functionality of the past with all we get by using hybrid search: unified index, ranking, refiners and unify everything from remote repositories to one index. Awesome! If you want to check all the tiny details, check this post.

 

Legacy outbound hybrid

eDiscovery and Compliance benefit of the hybrid search (cool) – and a big chapter about security especially security trimming.

And a neat display template to visualize that the search result sits onPrem – awesome!

And then there was a nice live demo of configuring hybrid search on stage – I crossed my fingers – and everything worked! Cool stuff.

Good session by Thomas – thanks!

Summary

Top session, top speakers, super professional and awesome organization, free community event and full house – how could you top that? Even the weather was perfect! I enjoyed all the sessions, learned a bit here and there – and had many good chats with old friends, new friends and vendors!

Kudos to Matthias Einig (@mattein) , the team of Rencore and all the awesome sponsors for making this happening!

And now, let’s SharePint!

Efficiently empty a large SharePoint Online list

08 Feb 2017
February 8, 2017

Ages ago I created a PowerShell script that I used a couple of times by now: efficiently empty a large SharePoint list – but apparently that code does not work against a SharePoint Online list.

a simple script to empty a SharePoint Online List

So here is an updated version of the script:

Or download the script from here.

You can call the script with the following parameters:

I tried it several times on my tenant (and I even created a script to create thousands of items): Once I got rid of all the timeouts I got a delete performance of 11,84 items per second. Not great, but still faster than the Quick Edit View, right? 🙂

Disclaimer

There is no way back – if you start the script there is no “ARE YOU SURE?” – all data is gone in a very short time.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close