In the article, we saw the step-by-step approach to creating a provider-hosted application. While creating the app from Visual Studio, we supply a certificate and an Issuer ID. I have been meaning to explain this to the community for a long time, but we forgot and moved on to other areas. Now it's time to look into it.
I request readers to have a look at the above-mentioned article to make sure that we are on the same track.
As a quick walkthrough: at step number 5, we need to provide a PFX file and an Issuer ID.
This Issuer ID is added automatically to the web.config of our provider-hosted application. The steps to create and use it are as follows.
1. Create a self-signed certificate from InetMgr. Please refer here.
2. Export the certificate and create the PFX with a password.
3. Now, we need to create the Issuer ID.
To create the Issuer ID, go to the Appregnew.aspx page. The full URL will be something like https://MyServer/sites/MySiteCollection/_layouts/15/Appregnew.aspx.
Once we provide the Issuer ID, the web.config of the app will look like this:
<add key="ClientSigningCertificatePath" value="C:\MyCertificate.pfx"/>
<add key="ClientSigningCertificatePassword" value="****"/>
<add key="IssuerId" value="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"/>
4. Register the Issuer ID to create a new Trusted Identity Token Issuer using the PowerShell script.
5. The following script will do that.
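# Load the SharePoint cmdlets when running outside the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Registering an Issuer ID 1dfc02bc-ff74-4604-b295-b58860cba1f9
# Must be the same value as the IssuerId key in web.config, with no surrounding spaces
$issuerID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"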
$targetSiteUrl = "https://MyWebApplication:3000/sites/DeveloperSite/"
$targetSite = Get-SPSite $targetSiteUrl
$realm = Get-SPAuthenticationRealm -ServiceContext $targetSite
$registeredIssuerName = $issuerID + '@' + $realm
$publicCertificatePath = "C:\Certs\MyCert.cer"
$publicCertificate = Get-PfxCertificate $publicCertificatePath
Write-Host "Create Security token issuer"
$secureTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $issuerID -RegisteredIssuerName $registeredIssuerName -Certificate $publicCertificate -IsTrustBroker
$secureTokenIssuer | select *
$secureTokenIssuer | select * | Out-File -FilePath "SecureTokenIssuer.txt"
# Turn off the HTTPS requirement for OAuth during development only
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
# Persist the change; without Update() the setting is not saved
$serviceConfig.Update()
Write-Host "All done..."
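After running the registration script, it is worth confirming that the farm and the app's web.config agree. The following check is an added example, not part of the original article: it compares the PFX named in web.config with the certificate held by the registered token issuer. The web.config path and the Report helper are assumptions; the site URL is the one used above.

```powershell
# Added example: verify that web.config and the registered token issuer agree.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webConfigPath = "C:\inetpub\wwwroot\MyProviderHostedApp\web.config"  # hypothetical path
$targetSiteUrl = "https://MyWebApplication:3000/sites/DeveloperSite/"

# Read the appSettings keys shown earlier (IssuerId and the two certificate keys).
[xml]$config = Get-Content -Path $webConfigPath
$settings = @{}
foreach ($entry in $config.configuration.appSettings.add) {
    $settings[$entry.key] = $entry.value
}
$issuerId = $settings["IssuerId"].Trim()
$pfxPath  = $settings["ClientSigningCertificatePath"]
$pfxPass  = $settings["ClientSigningCertificatePassword"]

# Load the PFX that the app uses to sign its tokens.
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPass)

# Rebuild the name the registration script used: <IssuerId>@<realm>
$realm = Get-SPAuthenticationRealm -ServiceContext (Get-SPSite $targetSiteUrl)
$expectedName = $issuerId + '@' + $realm

$issuer = Get-SPTrustedSecurityTokenIssuer |
    Where-Object { $_.RegisteredIssuerName -eq $expectedName } |
    Select-Object -First 1

# Hypothetical helper: print one aligned OK/FAIL line per check.
function Report($name, $ok) {
    $state = "FAIL"
    if ($ok) { $state = "OK" }
    Write-Host ("{0,-60} {1}" -f $name, $state)
}

$now = Get-Date
Report "Token issuer registered for IssuerId@realm" ($null -ne $issuer)
if ($issuer) {
    # The .cer given to New-SPTrustedSecurityTokenIssuer must be the public half of the PFX.
    Report "Registered certificate matches the PFX thumbprint" ($issuer.SigningCertificate.Thumbprint -eq $pfx.Thumbprint)
}
Report "PFX contains the private key" ($pfx.HasPrivateKey)
Report "Certificate is inside its validity period" ($now -ge $pfx.NotBefore -and $now -le $pfx.NotAfter)
# Expect FAIL here on a development farm where the script above enabled HTTP.
Report "OAuth over plain HTTP is disabled" (-not (Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp)
```

A FAIL on the thumbprint line means the .cer registered with SharePoint and the PFX in web.config come from different certificates, so tokens signed by the app will not be accepted.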