Friday, October 21, 2016

The required version of SharePoint Foundation or SharePoint Server is not installed on this system. The target version of the SharePoint project is 16.1.

Scenario: To create and deploy a provider-hosted app for SharePoint Online.

Issue: An error occurred in Visual Studio 2015 while deploying the solution.

Error: The required version of SharePoint Foundation or SharePoint Server is not installed on this system. The target version of the SharePoint project is 16.1.

Resolution: Since this solution targets SharePoint Online, make sure that the host SharePoint site is set to a SharePoint Online URL. This issue might occur when the site URL points to a SharePoint 2013 on-premises environment.


Tuesday, October 4, 2016

Architectural Style

Architecture styles and patterns are sets of principles that shape an application. The following table describes and discusses architecture styles and principles commonly used for applications today. For each style, you will find an overview, with an example and information that will help you choose the appropriate architectural styles for your application.


Architecture styles

Client/Server
Segregates the system into two applications, where the client makes requests to the server. In many cases, the server is a database with application logic represented as stored procedures.
When a bank customer accesses online banking services with a web browser (the client), the client initiates a request to the bank's web server. The customer's login credentials may be stored in a database, and the web server accesses the database server as a client. An application server interprets the returned data by applying the bank's business logic, and provides the output to the web server. Finally, the web server returns the result to the client web browser for display.
In each step of this sequence of client–server message exchanges, a computer processes a request and returns data. This is the request-response messaging pattern. When all the requests are met, the sequence is complete and the web browser presents the data to the customer.

Consider the client/server architectural style if:

  • Your application is server-based and will support many clients.
  • You are creating Web-based applications exposed through a Web browser.
  • You are implementing business processes that will be used by people throughout the organization.
  • You are creating services for other applications to consume.
  • You want to centralize data storage, backup, and management functions.
  • Your application must support different client types and different devices.
N-Tier / 3-Tier
Segregates functionality into separate segments in much the same way as the layered style, but with each segment being a tier located on a physically separate computer.
In the web development field, three-tier is often used to refer to websites, commonly electronic commerce websites, which are built using three tiers:
  • A front-end web server serving static content, and potentially some cached dynamic content. In a web-based application, the front end is the content rendered by the browser. The content may be static or generated dynamically.
  • A middle dynamic content processing and generation level application server (e.g., ASP.NET, Ruby on Rails, Django, Laravel, Spring Framework, CodeIgniter, Symfony, Flask).
  • A back-end database or data store, comprising both data sets and the database management system software that manages and provides access to the data.

Consider the 3-tier architectural style if:
  • You are developing an intranet application where all servers are located within the private network.
  • You are developing an Internet application, and security requirements do not restrict implementing business logic within the public-facing Web or application server.

Consider using more than three tiers if:
  • Security requirements dictate that business logic cannot be deployed to the perimeter network.
  • The application makes heavy use of resources and you want to offload that functionality to another server.
Component-Based Architecture
Decomposes application design into reusable functional or logical components that expose well-defined communication interfaces.
  • An individual software component is a software package, a web service, a web resource, or a module that encapsulates a set of related functions (or data).
  • You already have suitable components, or can obtain suitable components from third-party suppliers.
  • Pluggable architecture
e.g., financial applications or business software, Salesforce’s Lightning Design System.

Consider the component-based architectural style if:
  • You already have suitable components, or can obtain suitable components from third-party suppliers.
  • Your application will predominantly execute procedural-style functions, perhaps with little or no data input.
  • You want to be able to combine components written in different code languages.
  • You want to create a pluggable architecture that allows you to easily replace and update individual components.
Object-Oriented
A design paradigm based on division of responsibilities for an application or system into individual reusable and self-sufficient objects, each containing the data and the behaviour relevant to the object.
E.g. an automatic teller machine system, an order processing application.
Consider the object-oriented architectural style if:
  • You want to model the application based on real-world objects and actions.
  • You already have suitable objects and classes that match the design and operational requirements.
  • You need to encapsulate logic and data together in reusable components.
  • You have complex business logic that requires abstraction and dynamic behaviour.
Layered Architecture
Partitions the concerns of the application into stacked groups (layers).
E.g. 1. Line of business (LOB) applications, such as accounting and customer-management systems.
2. Enterprise Web-based applications and Web sites.
3. An application for a restaurant, where the main actors are the customer, the waiter and the chef, who all have different responsibilities.
It is a good idea to build your site or application using a layered architecture if the following principles are met:
  • Have clear separation of responsibilities — each layer being only responsible for itself
  • Exposed workflow — as opposed to the spaghetti code we’ve all seen way too many times
  • Ability to replace one or several layers implementation with minimum effort and side effects.
  • Your application is complex, and the high-level design demands separation so that teams can focus on different areas of functionality.
  • You want to implement complex and/or configurable business rules and processes.
  • Your application must support different client types and different devices.
Message Bus
An architecture style that prescribes use of a software system that can receive and send messages using one or more communication channels, so that applications can interact without needing to know specific details about each other.
D-Bus is an open source Unix-based tool for inter-process communication (IPC) that utilizes the message bus architecture. D-Bus was designed to address communication between applications in the same desktop session, and between a desktop session and the operating system. D-Bus uses both the call-and-return and event-based varieties of message passing [19] between applications to facilitate these concerns.
Consider the message-bus architectural style if:
  • You have existing applications that interoperate with each other to perform tasks.
  • You are implementing a task that requires interaction with external applications.
  • You are implementing a task that requires interaction with applications hosted in different environments.
  • You have existing applications that perform specific tasks, and you want to combine those tasks into a single operation.
Service-Oriented Architecture (SOA)
Refers to applications that expose and consume functionality as a service using contracts and messages.
  • Amazon's code base API (Amazon Web Services), which responds to web requests.
  • Reservation system (Starwood Hotels and Resorts)
  • Sharing of medical data (Harvard Medical School)

Consider the SOA style if:
  • You have access to suitable services, or can purchase suitable services exposed by a hosting company.
  • You want to build applications that compose a variety of services into a single UI.
  • You are creating Software plus Services (S+S), Software as a Service (SaaS), or cloud-based applications.
  • You need to support message-based communication between segments of the application.
  • You need to expose functionality in a platform-independent way.
  • You want to take advantage of federated services, such as authentication.
  • You want to expose services that are discoverable through directories and can be used by clients that have no prior knowledge of the interfaces.
  • You want to support interoperability and integration.
Domain Driven Design
An object-oriented architectural style focused on modelling a business domain and defining business objects based on entities within the business domain.
E.g. Project Silk, Home loan processing system

Consider the DDD style if:

  • You are developing software of extremely high essential complexity (with a lot of correlated business rules).
  • And/or software with a clear future, where the Domain Model can outlast the infrastructure.
  • And/or software where the business requirements change fast.


Thursday, September 29, 2016

Windows Live ID as an Authentication Provider for SharePoint On Premise

This article discusses the steps to enable Microsoft Live ID as an authentication provider for SharePoint 2013 on-premises using Microsoft Azure Active Directory.
Environment: SharePoint 2013 Enterprise (on-premises), Visual Studio 2012, Microsoft Azure
SharePoint does not have a built-in option to configure Windows Live ID as an identity provider, so we need to set up ACS (Access Control Service) and add Windows Live ID as an identity provider. Azure Access Control Service can be used to authenticate your SharePoint 2013 users with Azure AD. In this configuration, Azure AD becomes a trusted identity provider for SharePoint 2013.
The following figure shows how authentication works for SharePoint 2013 users in this configuration.
SAML Authentication with Windows Live ID


Following are the steps to set up Azure ACS.
  1. Create a new Azure AD tenant
  1. Create new namespace
  1. Click Manage to navigate to Azure ACS Management Portal
  1. To add a WS-Federation identity provider to the namespace, click the Identity Providers link under the Trust relationships section, click Add, select Windows Live ID and click Next.
  1. To add SharePoint as a relying party application, click the Relying party applications link under the Trust relationships section, click Add and provide details about your SharePoint web application.
  1. Create a rule group for claims-based authentication
  1. Click Add to create a new rule group, click Generate and make sure that a rule is created in the group to pass nameidentifier as nameidentifier, as illustrated by the following figure.
Azure ACS Rule Groups input and output claims

  1. Map the new rule group to the relying party application.

  1. Click on Add under Certificates and Keys section to configure the X.509 certificate.
  1. Execute the PowerShell script provided in the Add Token-Signing Certificate or Key page to create a certificate.

MakeCert.exe -r -pe -n "" -sky exchange -ss my -len 2048 -e 09/23/2017
Navigate to MMC > File > Add/Remove Snap-in > select Certificates > click Next > select My User Account > click Finish to add Certificates to the selected snap-ins > click OK.
MMC > expand Certificates - Current User > Personal > Certificates > select the appropriate namespace > select Export > click Next > select Yes, export the private key > select Personal Information Exchange > click Next > provide a password and click Next > provide the path to export the certificate and click Next > click Finish.
  1. Upload the certificate and Save

Execute the following PowerShell script to create a trusted identity provider and add it to SharePoint.

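# The sign-in URL can be copied from Application Integration > Login Page Integration.
# $realm, $signinurl and the claim type URIs are not given in this post;
# replace the placeholders and empty strings with your own values.
$realm = "<realm of the relying party application>"
$signinurl = "<ACS login page URL>"

# Certificate location
$certloc = "D:\cpazureacs.cer"

# Register the ACS token-signing certificate as a trusted root authority
$rootcert = Get-PfxCertificate $certloc

New-SPTrustedRootAuthority "Windows Azure ACS" -Certificate $rootcert

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certloc)

# Claim mappings (the -IncomingClaimType and -LocalClaimType values are missing from the post)
$NameIdentifier = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "UPN" -LocalClaimType ""

$Email = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming

# Create the trusted identity provider; -IdentifierClaim must be the incoming claim type of one of the mappings above
New-SPTrustedIdentityTokenIssuer -Name "Live ID" -Description " Live ID" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $NameIdentifier, $Email -SignInUrl $signinurl -IdentifierClaim ""

$sts = Get-SPTrustedIdentityTokenIssuer
$sts | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $cert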
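
A check that can be run after the script above, added here as an example (it is not part of the original post): it compares the certificate file with the signing certificate SharePoint now trusts and flags an expired or soon-to-expire certificate, which matters because the MakeCert command above sets an end date of 09/23/2017. The issuer name "Live ID" and the certificate path come from the script; the function name Test-TokenIssuerCertificate and the 30-day threshold are assumptions.

```powershell
# Added example: sanity-check the trusted identity token issuer created above.
# Run in the SharePoint 2013 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-TokenIssuerCertificate {   # hypothetical helper name
    param(
        [string]$IssuerName = "Live ID",            # name used in the script above
        [string]$CertPath   = "D:\cpazureacs.cer",  # path used in the script above
        [int]$WarnDays      = 30                    # assumed warning threshold
    )
    $issuer   = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName -ErrorAction Stop
    $fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $trusted  = $issuer.SigningCertificate

    $problems = @()
    if ($trusted.Thumbprint -ne $fileCert.Thumbprint) {
        $problems += "SharePoint trusts $($trusted.Thumbprint) but the file holds $($fileCert.Thumbprint)"
    }
    $daysLeft = [int]($trusted.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -lt 0) { $problems += "signing certificate expired $(-$daysLeft) days ago" }
    elseif ($daysLeft -lt $WarnDays) { $problems += "signing certificate expires in $daysLeft days" }
    if ($trusted.PublicKey.Key.KeySize -lt 2048) { $problems += "key shorter than 2048 bits" }
    # The root authority registered with New-SPTrustedRootAuthority must hold the same certificate
    $root = Get-SPTrustedRootAuthority | Where-Object { $_.Certificate.Thumbprint -eq $trusted.Thumbprint }
    if (-not $root) { $problems += "no trusted root authority holds the signing certificate" }

    [pscustomobject]@{
        Issuer        = $issuer.Name
        SignInUrl     = $issuer.ProviderUri
        Realm         = $issuer.DefaultProviderRealm
        IdentityClaim = $issuer.IdentityClaimTypeInformation.InputClaimType
        MappedClaims  = ($issuer.ClaimTypeInformation | ForEach-Object { $_.InputClaimType }) -join "; "
        NotAfter      = $trusted.NotAfter
        Problems      = $problems
    }
}

Test-TokenIssuerCertificate | Format-List
```

An empty Problems list means the file, the trusted root authority and the token issuer all refer to the same unexpired certificate.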

  1. Set Windows Live ID as trusted Identity Provider for the Web Application
  1. Grant permission to access the Web Application
  1. Log in to the web application with Live ID.

Note that the user name is displayed as a string of characters rather than the user name or email address. This is because Windows Live ID does not provide user details and sends only the name identifier in the SAML assertion/response. You can check the SAML assertion sent in the response using the Fiddler tool.
SAML Assertion from Fiddler
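
To see what the note above describes without reading raw XML, the following added example (not from the original post or from the sample it links to) lists the claims in an assertion copied out of Fiddler. It assumes the SAML 1.1 token format that SharePoint 2013 trusted identity providers consume; the assertion text, the helper name Get-SamlClaims and the list of wanted claims are constructed for illustration.

```powershell
# Added example: list the claims in a SAML 1.1 assertion copied out of Fiddler.
# $sampleAssertion is constructed for illustration; it is not a real ACS token.
$sampleAssertion = @'
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-example"
    Issuer="https://constructed-namespace.example/"
    IssueInstant="2016-09-29T10:00:00.000Z">
  <saml:Conditions NotBefore="2016-09-29T10:00:00.000Z" NotOnOrAfter="2016-09-29T10:10:00.000Z"/>
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:NameIdentifier>CONSTRUCTED-OPAQUE-ID=</saml:NameIdentifier>
    </saml:Subject>
    <saml:Attribute AttributeName="nameidentifier"
        AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>CONSTRUCTED-OPAQUE-ID=</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
'@

function Get-SamlClaims {   # hypothetical helper name
    param([Parameter(Mandatory=$true)][string]$AssertionXml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never resolve external DTDs or entities from a captured token
    $doc.LoadXml($AssertionXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion")
    foreach ($attr in $doc.SelectNodes("//saml:Attribute", $ns)) {
        foreach ($val in $attr.SelectNodes("saml:AttributeValue", $ns)) {
            [pscustomobject]@{
                ClaimType = $attr.GetAttribute("AttributeNamespace") + "/" + $attr.GetAttribute("AttributeName")
                Value     = $val.InnerText
            }
        }
    }
}

$claims = @(Get-SamlClaims -AssertionXml $sampleAssertion)
$claims | Format-Table -AutoSize
$wanted  = "emailaddress", "name", "upn"   # assumed list of claims a site owner would expect
$missing = $wanted | Where-Object { ($claims.ClaimType -replace '.*/', '') -notcontains $_ }
"Claims not present in the token: $($missing -join ', ')"
```

With the constructed token the only claim listed is nameidentifier, so SharePoint has nothing but the opaque identifier to display as the user name.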

In order to get the user name and email address, we can use the Live Connect API. We need to create an ‘application’ on Live Connect and get the client Id of your application. This client Id is used to get the user data with the help of Live SDK.
Following is the URL of the blog post by Martin Laukkanen, which has sample code and steps that can be used to get the user name and email address of a Live ID user. You can extend the sample as per your requirement.
Screen shots after adding the sample web part to update the user details.
Register application in Windows App
Get Windows Live ID user information
Get Windows Live ID user information using Live Connect SDK