Friday, April 29, 2016

Difference between sharepoint hosted app and provider hosted app

The following is kind of cheat sheet that points out the different between SharePoint hosted and Provided hosted apps / add-ins.

Note: Microsoft has deprecated the use of custom managed code within the sand-boxed solution in SharePoint 2013 and introduced SharePoint App model as replacement. The app model decouples the SharePoint core product from app run-time which gives ability to the user to run the code from any environment.


SharePoint Hosted
Provider Hosted
No server side code, 100% client side code
Managed code and high trust
Can be developed using HTML5, CSS, JavaScript, jQuery, ASP.NET Ajax, CSOM, REST API, Silverlight, KnockOut JS, Angular JS
Any programming language can be used
Data Storage Locations: SharePoint Online, Content Database
Data Storage Locations: ISV Storage, Azure Storage, Content Database.
(ISV - Independent Software Vendors)
Start Page Location: On-Premises, SharePoint Online
Start Page Locations: ISV Hosted web site, SharePoint Online, On-Premises SharePoint Online, On-Premises
Can be hosted on either SharePoint on-premises or office 365
Deployed outside  the SharePoint farm
Business logic is JavaScript on custom SharePoint pages
Business logic is mainly remote server-side code.
SharePoint add-in model does not allow managed code to be installed directly on SharePoint, however it can be hosted in application server and a separate website (eg. on IIS).  
App usage scenario: An add-in that includes a people picker control and that stores information about SharePoint users in a SharePoint list
App usage Scenario: Can be used in situations where SharePoint being consumed as service and/or hosted by a provider. App model is the option if you do not have a on premises installation. Go with this option when you require server-side managed code.
App Components are SharePoint components like SP Features, Custom Actions, Lists, Site Columns, Content Types, BCS models(web scoped), Web and list templates
Can connect to any internal or public web service
SharePoint-hosted SharePoint Add-ins do not support event handling,
To handle list and list item events, you need to create remote event receivers (RERs), which are web services that run externally to the SharePoint farm or SharePoint Online.
This add-in components are hosted in the isolated add-in domain of your SharePoint farm
Can be hosted in any web server or hosting service
Authentication: This uses the privileges of the signed in user
Authentication: Uses OAuth or the JavaScript cross-domain library
CRUD Operations: You can use either the REST/OData web service or one of the client object models in SharePoint 2013.
SP.js is available to perform create, read, update, and delete (CRUD) operations on SharePoint data.
CRUD Operations: You can use the REST/OData endpoints in SharePoint 2013 to perform create/read/update/delete (CRUD) operations on data in the add-in web
These apps don't work with SAML Claims authentication provider with ADFS 2.0
Any SharePoint component that can be in a SharePoint-hosted add-in can also be in a provider-hosted add-in.