Category: SharePoint 2013

Creating High Trust Apps – Part 1

This post will detail how to create and test a high trust SharePoint App. A High Trust app is an app that is installed in an on-premises SharePoint Farm. High Trust apps do not work in Office 365, which only supports Low Trust apps.

Before we can create a High Trust app, the SharePoint Farm has to be configured to support them. The first part of this two-part post will detail how to do this for a development farm. It will contain pointers on how to take this into a production farm where needed.

This blog assumes you already have a working SharePoint 2013 development farm, likely running on one server. The instructions cover either of these setups:

  • SharePoint, SQL Server and Active Directory all on one server, or
  • SharePoint on one Server and SQL Server and Active Directory either sharing or on separate servers.

At a high level these are the steps necessary:

  1. Create either a new isolated domain or a subdomain to host your apps in
  2. Create a new User Profile Service Application that has at least your account as a profile
  3. Ensure the App Management and Subscription Settings services are running
  4. Create a new Subscription Settings Service Application using PowerShell
  5. Create a new App Management Service Application (either via Central Admin or PowerShell)
  6. Set the App Domain and App Site Subscription Name (either via Central Admin or via PowerShell)
  7. Create the App Catalog Site Collection – not required for creating and testing apps using Visual Studio. Required for publishing your apps.

Important Note:

  1. If you are using host headers with your web applications, you will need to create one additional web application without a host header on either port 80 or 443, and one root site collection using any site template. If you are using host header site collections this step is not required.

And now for the details:

1. Create the isolated app domain or subdomain. On the DNS Server (typically the same server running Active Directory) open up the DNS Manager.

  1. Search for “DNS” and open the default app selected. (Assuming you are running Windows Server 2012 or higher)
  2. Create a “New Zone” – right click on the Forward Lookup Zones of your Server name
  3. Click next three times until you get to the “Zone Name” section
  4. Enter a new Zone Name. If your domain was “develop.local” then you could make the name “developapps.local”
  5. Click next twice and click Finish.
  6. Create a new CName for the zone – Click on the new Zone created and right click “New Alias (CNAME)”
  7. Enter “*” for the alias name.
  8. Click the “Browse…” button and double click on your server name, then on the “Forward Lookup Zones” and finally the domain of your SharePoint farm – in our example “develop.local”. Click OK to complete.
    1. Note: if you have more than one SharePoint server you should double click on the domain and either select the DNS A record of a Farm Web server or the DNS record for the primary cluster address for NLB if used.

2. Next you need to create a User Profile Service Application if not previously created.

  1. It is best to just create this via Central Administration.
    1. First, in System Settings > Manage services on server, start:
      1. User Profile Service
    2. Next in Application Management > Manage Service Applications
      1. Create a new User Profile Service Application
  2. Create a new Profile for the account(s) you use in SharePoint. Alternatively, you can synchronize your user profile service to AD to get multiple accounts. See Synchronize user and group profiles in SharePoint Server 2013 on how to do this.

3. Ensure the App Management and Subscription Settings services are running. This can be verified either:

  1. In Central Administration > System Settings > Manage services on server, by starting:
    1. App Management Service
    2. Microsoft SharePoint Foundation Subscription Settings Service
  2. Using PowerShell
    Get-SPServiceInstance | where{$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"} | Start-SPServiceInstance
    Get-SPServiceInstance | where{$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"}

4. Next the App Management and Subscription Settings service applications need to be created. As the latter application can only be created using PowerShell, both will be created that way:

$account = Get-SPManagedAccount "[Name of Service Account]"
$appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
$appPoolAppSvc = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account

$appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SettingsServiceApp -DatabaseName SettingsServiceDB
$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc

$appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolAppSvc -Name AppServiceApp -DatabaseName AppServiceDB
$proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc

5. Next we need to register the domain name that was created in step 1. This can be set either from the new “App” Section created in Central Administration:

  1. Apps > Configure App URLs
    1. Set the App Domain to the domain created. e.g. “developapps.local”, and
    2. Set the App prefix. e.g. “app”
  2. Use PowerShell:
    Set-SPAppDomain "developapps.local"
    Set-SPAppSiteSubscriptionName -Name "app" -Confirm:$false
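
To confirm the farm ended up configured as described in steps 1 to 5, a read-only check like the following can be run in the SharePoint 2013 Management Shell. This is an added example, not part of the original post; it assumes the service application names used above (SettingsServiceApp, AppServiceApp), and the host name it probes is constructed.

```powershell
# Added example: read-only check of the app infrastructure from steps 1-5.
# Run in the SharePoint 2013 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$results = @()
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $script:results += [pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail }
}

# Step 3: both service instances must be Online on at least one server.
foreach ($type in "AppManagementServiceInstance", "SPSubscriptionSettingsServiceInstance") {
    $online = @(Get-SPServiceInstance |
        Where-Object { $_.GetType().Name -eq $type -and $_.Status -eq "Online" })
    Add-Check "Service instance: $type" ($online.Count -gt 0) "$($online.Count) online"
}

# Step 4: service applications, looked up by the names used in this post (assumption).
foreach ($name in "SettingsServiceApp", "AppServiceApp") {
    $app = Get-SPServiceApplication | Where-Object { $_.Name -eq $name } | Select-Object -First 1
    $ok = ($app -ne $null) -and ($app.Status -eq "Online")
    $detail = if ($app) { "status $($app.Status)" } else { "not found" }
    Add-Check "Service application: $name" $ok $detail
}

# Step 5: app domain and prefix. Either cmdlet can throw on an unconfigured farm.
$appDomain = $null; $prefix = $null
try { $appDomain = Get-SPAppDomain -ErrorAction Stop } catch { }
try { $prefix = Get-SPAppSiteSubscriptionName -ErrorAction Stop } catch { }
Add-Check "App domain" (-not [string]::IsNullOrEmpty($appDomain)) "'$appDomain'"
Add-Check "App prefix" (-not [string]::IsNullOrEmpty($prefix)) "'$prefix'"

# Step 1: the wildcard CNAME should resolve any host name in the app zone.
# The probe label is constructed; it only needs to be a name nobody registered.
if ($appDomain -and $prefix) {
    $probe = "{0}-probe{1}.{2}" -f $prefix, (Get-Random -Maximum 99999), $appDomain
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($probe) | ForEach-Object { $_.ToString() }
        Add-Check "Wildcard DNS: $probe" $true ($ips -join ", ")
    } catch {
        Add-Check "Wildcard DNS: $probe" $false "does not resolve"
    }
}

$results | Format-Table Check, Ok, Detail -AutoSize
```

Any row with Ok = False points back to the numbered step named in the comment above that check.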


And that’s the end of part one. Note: remember to create your app catalog if you want to test publishing apps.

Part two will cover what’s required to create a High Trust App, including creating certificates and creating a simple High Trust app using Visual Studio 2013.


Remote Event Receivers debugging and Lists and asset creation

Quick Pattern to follow to debug Remote Event Receivers for List Events for lists in the Host Web. So far I have not been able to debug these successfully. I have been able to when the list and the RER’s are created in the App Web Project and attached to App Web Lists. So it seems to me we could create them in the App web to develop and test them and when working move them into the Host Web.

Also remember that any object you want created in the Host web has to be created using code, and of course the code will need the right permissions to do so. These assets can be created either when the app is first run, from an App install event (which makes the app minimally partly a Provider-Hosted App), or provisioned from a non-app client-side application – e.g. a console application using CSOM.