Certificate used while creating a Provider Hosted Application in SharePoint 2013


Sathish Nadarajan
SharePoint MVP
Published On :   25 Mar 2014


In the article, we saw the step-by-step approach to creating a provider hosted application. There, while creating the app from Visual Studio, we supply a certificate and an Issuer ID. I have thought of explaining it to the community for a long time, but we forgot and moved on to other areas. Now, it's time to look into that.

I request the readers to have a look at the above-mentioned article to make sure that we are on the same track.

As a quick walkthrough: in step number 5, we need to provide a PFX file and an Issuer ID.


This Issuer ID will be added automatically to the web.config of our provider hosted application. The steps to create and use it are as follows.

1. Create a Self Signed Certificate from InetMgr. Please refer here.

2. Export the certificate and create the PFX with a password.

3. Now, we need to create the Issuer ID.

To create the Issuer ID, go to the Appregnew.aspx page. The full URL will be something like https://MyServer/sites/MySiteCollection/_layouts/15/Appregnew.aspx.


Once we give the Issuer ID, the web.config of the app will look like this:

 <appSettings>
 <add key="ClientSigningCertificatePath" value="C:\MyCertificate.pfx"/>
 <add key="ClientSigningCertificatePassword" value="****"/>
 <add key="IssuerId" value="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"/>
 </appSettings>
 

4. Register the Issuer ID to create a new Trusted Identity Token Issuer using the PowerShell script.

5. The following script will do that.

 # Registering an Issuer ID 1dfc02bc-ff74-4604-b295-b58860cba1f9
 cls

 Add-PSSnapin "Microsoft.SharePoint.PowerShell"

 # Issuer ID, the same value as IssuerId in web.config (no leading or trailing spaces)
 $issuerID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"

 # Site used to look up the authentication realm
 $targetSiteUrl = "https://MyWebApplication:3000/sites/DeveloperSite/"
 $targetSite = Get-SPSite $targetSiteUrl
 $realm = Get-SPAuthenticationRealm -ServiceContext $targetSite

 # The registered issuer name has the form <IssuerId>@<realm>
 $registeredIssuerName = $issuerID + '@' + $realm

 # Public certificate (.cer) that belongs to the PFX used by the app
 $publicCertificatePath = "C:\Certs\MyCert.cer"
 $publicCertificate = Get-PfxCertificate $publicCertificatePath

 Write-Host "Create Security token issuer"
 $secureTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $issuerID -RegisteredIssuerName $registeredIssuerName -Certificate $publicCertificate -IsTrustBroker

 # Show the new issuer and keep a copy of its properties
 $secureTokenIssuer | select *
 $secureTokenIssuer | select * | Out-File -FilePath "SecureTokenIssuer.txt"

 # Turn off the HTTPS requirement for OAuth (development environments only)
 $serviceConfig = Get-SPSecurityTokenServiceConfig
 $serviceConfig.AllowOAuthOverHttp = $true
 $serviceConfig.Update()

 Write-Host "All done..."
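
To confirm that the web.config, the PFX and the registered issuer agree before the app leaves a development farm, the following added example (not part of the original article) compares them and reports whether OAuth over HTTP is still enabled. The web.config path is an assumed placeholder, and the check assumes the issuer was registered with the Issuer ID as its name, as in the script above.

```powershell
# Added example: check that web.config, the PFX and the registered issuer agree.
# Run in the SharePoint 2013 Management Shell on a farm server.
Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue

# Assumption: placeholder path to the provider hosted app's web.config
$webConfigPath = "C:\inetpub\wwwroot\MyProviderHostedApp\web.config"

# Read the appSettings keys shown in the article into a hashtable
[xml]$config = Get-Content -Path $webConfigPath
$settings = @{}
foreach ($node in $config.configuration.appSettings.add) { $settings[$node.key] = $node.value }
$issuerId = ([string]$settings["IssuerId"]).Trim()
$pfxPath  = $settings["ClientSigningCertificatePath"]

# Open the PFX with a password typed at the prompt
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
$pfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $pfxPath, $pfxPassword

# The registration script used the Issuer ID as the issuer's -Name
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $issuerId }

$findings = @()
if (-not $issuer) {
    $findings += "No trusted security token issuer named '$issuerId' is registered"
} else {
    # RegisteredIssuerName must be <IssuerId>@<realm>
    if ($issuer.RegisteredIssuerName -notlike "${issuerId}@*") {
        $findings += "RegisteredIssuerName '$($issuer.RegisteredIssuerName)' does not match the web.config IssuerId"
    }
    # SharePoint validates tokens against the registered public certificate
    if ($issuer.SigningCertificate.Thumbprint -ne $pfxCert.Thumbprint) {
        $findings += "PFX thumbprint differs from the certificate registered in SharePoint"
    }
}
if (-not $pfxCert.HasPrivateKey) { $findings += "PFX contains no private key; the app cannot sign tokens" }
if ($pfxCert.NotAfter -lt (Get-Date).AddDays(30)) { $findings += "Certificate expires on $($pfxCert.NotAfter)" }
if ((Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp) {
    $findings += "AllowOAuthOverHttp is still true; access tokens can cross the network in cleartext"
}
if ($settings["ClientSigningCertificatePassword"]) {
    $findings += "web.config holds the PFX password in cleartext; restrict read access to the file"
}

if ($findings.Count -eq 0) { Write-Host "All checks passed" }
else { $findings | ForEach-Object { Write-Warning $_ } }
```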
 
 
 

Happy Coding.

Sathish Nadarajan.
