Wednesday, October 8, 2014

Installation App for SharePoint On-prem

During the installation of a provider hosted app on a SharePoint on-prem environment I encountered following error:
The remote event receiver callout failed. Details: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'
There was a remote event receiver binded to the AppInstalled event, the callout to this webservice failed.
This error seems indeed correct. The web application, hosted in IIS, was configured for Windows Authentication only.
So, this means that SharePoint calls this web service anonymously? If someone has a better explanation for this, please let me know.

I decided to open the website in IIS, and I changed the authentication for the folder that contained the webservices. Only for this folder I enabled Anonymous and disabled Windows Authentication. This works...

If someone has a better solution for this issue, please leave a comment.

Create Azure Service Bus for debugging SharePoint apps.

If you install Office Developer Tools for Visual Studio 2012, you can debug apps for SharePoint. By using the Microsoft Azure Service Bus, these tools communicate with the same Windows Communications Foundation (WCF) service that remote event handlers (remote event receivers and app event receivers) use. By taking this approach, you avoid network boundary issues between the cloud app and the local web app. This lets you debug remote event receivers in the cloud app. See Developing apps for SharePoint on a remote system.
In fact, what you need is an Azure ACS Service bus. A while ago we could copy the ACS connection directly in the Azure web interface. Now, when you create a new Service Bus via the Azure web interface, only the SAS connectionstring is available.
Solution: create service bus via Azure Powershell:

1. Open Azure Powershell

2. I got this exception:

AuthenticationFailed: A security token exception occured for the received JWT token.

...because I logged on with a Microsoft Account. You can only create a new service bus with an Active Directory account. This means if you have multiple accounts available and you get the connection dialog, you should go for the directory account. If you don't have an Active Directory account, you should go to Azure, there you can create one (and bind it to a subscription).

 After I logged on with the correct account, the creation went well.