Reference
https://dev.office.com/sharepoint/docs/sp-add-ins/create-high-trust-sharepoint-add-ins
https://dev.office.com/sharepoint/docs/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins
- Install & configure SharePoint 2013 on-premise (not include) Install & configure provider-hosted server
- Window 2008 / 2012 with IIS and ASP.NET 3.5 / 4.5
- Web Deploy
- Use self-signed certificate for developing and replace it with domain-issued certificate or a commercial certificate issued by a Certificate Authority for PROD
- Create self-signed certificate in provider-hostoed server
- Open IIS and highligh <Server name>
- Double-click on Server Certificates in Feature View
- Click on Create Self-signed certificate in Actions
- Specify a name for certificate (HighTrustTest)
- Keep certificate store to Personal
- Click OK to finish
- Export pfx file
- Back to Feature View
- Right click on the certificate created in step 3 (HighTrustTest) and click Export
- Choose a destionation folder for saving pfx file and provide passowrd
- Create cer file
- Back to Feature View
- Double-click on the certificate created in step 3 (HighTrustTest)
- Click Cope to File in Details tab
- Check "No, do not export the private key" in Export Private Key section
- Check "DER encoded binary X.509 (.CER)" in Export File format section
- Config SharePoint to trust provider-hosted server
- Copy .cer file to any server in SharePoint farm
- Run below script wit PowerShell
-
$remoteCerPath= "C:HighTrustTest.cer" $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($remoteCerPath) New-SPTrustedRootAuthority -Name "HighTrustTestCert" -Certificate $certificate $realm = Get-SPAuthenticationRealm $issuerId = [System.Guid]::NewGuid() ## write down IssueId, will be userd in next $issuerIdentifier = $issuerId.ToString() + '@' + $realm New-SPTrustedSecurityTokenIssuer -Name "High Trust Test Cert" -Certificate $certificate -RegisteredIssuerName $issuerIdentifier -IsTrustBroker IISReset
- Set OAuth over HTTP
-
$serviceConfig = Get-SPSecurityTokenServiceConfig $serviceConfig.AllowOAuthOverHttp = $true $serviceConfig.Update()