Hello, SharePointers,
We know that a provider-hosted app's logic executes outside the SharePoint farm, so authentication with the SharePoint farm goes through an issuer ID. The following script generates that issuer ID:
```powershell
# Load the SharePoint snap-in if it is not already loaded
if ($null -eq (Get-PSSnapin -Name Microsoft.Sharepoint.Powershell -ErrorAction SilentlyContinue)) {
    Add-PsSnapin Microsoft.Sharepoint.Powershell
}

# Create the issuer ID
$issuerID = [System.Guid]::NewGuid().ToString()

# Build the registered issuer name (issuerID@realm)
$SPSiteUrl = "http://Spserver:portNumber"
$SPSite = Get-SPSite $SPSiteUrl
$SPrealm = Get-SPAuthenticationRealm -ServiceContext $SPSite
$registeredIssuerName = $issuerID + '@' + $SPrealm

# Public certificate used to validate requests sent by the external server
$publicCertificateLocation = "C:\Dipti\AppCerts\OnPremApp.cer"
$publicCertificate = Get-PfxCertificate $publicCertificateLocation

# Tell SharePoint that one issuer ID is shared by multiple client IDs,
# meaning the same certificate can be used for other apps as well
$SPsecureTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $issuerID -RegisteredIssuerName $registeredIssuerName -Certificate $publicCertificate -IsTrustBroker

# Turn off the HTTPS requirement, specifically for a development environment
$ServiceConfig = Get-SPSecurityTokenServiceConfig
$ServiceConfig.AllowAuthOverHttp = $true
$ServiceConfig.Update()

# Run iisreset to make the issuer ID available
iisreset

# Show the issuer ID
Write-Host "Your available Issuer ID:" $issuerID
```
Use your available Issuer ID in your provider-hosted app!
Happy sharePointing 🙂
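To check afterwards what the script above left behind on a farm, the following added example (not part of the original post) reports whether the development-only `AllowAuthOverHttp` setting is still enabled and lists each trusted token issuer with its signing certificate. The 30-day expiry threshold is an assumption.

```powershell
# Added example: audit the server-to-server trust settings changed by the script above.
# Run in the SharePoint Management Shell on a farm server.
if ($null -eq (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Assumption: flag signing certificates that expire within this many days.
$warnDays = 30

# 1. AllowAuthOverHttp is meant for development only; report it if it is still on.
$stsConfig = Get-SPSecurityTokenServiceConfig
if ($stsConfig.AllowAuthOverHttp) {
    Write-Warning "AllowAuthOverHttp is enabled: OAuth tokens can travel over plain HTTP."
    # To restore the HTTPS requirement outside development:
    #   $stsConfig.AllowAuthOverHttp = $false
    #   $stsConfig.Update()
} else {
    Write-Host "AllowAuthOverHttp is disabled (HTTPS required)."
}

# 2. List every trusted token issuer and the certificate it is bound to,
#    so stale or unexpected trust-broker registrations stand out.
$now = Get-Date
Get-SPTrustedSecurityTokenIssuer | ForEach-Object {
    $cert = $_.SigningCertificate
    [PSCustomObject]@{
        Name                 = $_.Name
        RegisteredIssuerName = $_.RegisteredIssuerName
        Thumbprint           = $cert.Thumbprint
        Subject              = $cert.Subject
        NotAfter             = $cert.NotAfter
        ExpiresSoon          = ($null -ne $cert -and $cert.NotAfter -lt $now.AddDays($warnDays))
    }
} | Sort-Object NotAfter | Format-Table -AutoSize
```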
It's for HighTrust app?
Hi Murugesa,
Yes, because High Trusted app is provider hosted app that uses digital certificates to establish the trust between remote web application and SharePoint. 🙂