Setting up your App domain for SharePoint 2013

 

The most important change in SharePoint 2013 for developers is the introduction of SharePoint apps. An app for SharePoint is a small and isolated application that provides a specific bit of functionality. SharePoint apps can and have to be added to or removed from a site by the site owner.  Apps have their own, isolated URLs, which are separate from the URLs of the sites where the app is being deployed to and where the app is being used. In order to provide isolation apps run in their own domain, instead of in the same domain name as your farm. Using a different domain name for apps helps prevent cross-site scripting between apps and SharePoint sites.
Each installation of an app has its own unique URL within the app domain. The app’s URL is based on a template “http://[app prefix][app hash].[app domain]/[relative site url]/[app name]. When you add an app to a site, a subweb of that site is created to host the app content. This subweb is not visible on the Site Contents page though.

Because apps run in their own app domain you will have to configure Domain Name Services (DNS) in your environment in order to be able to host apps. There is a page on TechNet that describes how to setup you DNS, but because it took me a while to get it all working I decided to write a step by step guide, which is what you’re reading now.

You can choose whether you want your app domain to be a subdomain of the domain that hosts the SharePoint environment (option B), or whether you want to create a completely new domain for your apps (option A). Creating a new domain specifically to host your apps in is a bit more secure, but it also requires a little bit more configuration. I will describe both approaches in this article. If you don’t have control over your DNS you will have to ask an administrator to perform these steps for you.

Option A: Create a new domain to host your apps in

  • Go to “Start”
  • Click on “Administrative Tools”
  • Select “DNS”

Open DNS

  • Right click “Forward Lookup Zones” and select “New Zone…”
  • Click “Next”
  • Keep the default and click “Next” again
  • In most cases, especially if your development server is in it’s own domain you can use the default on the next tab again and can just click “Next”
  • You now have to specify a zone name. It’s up to you what you choose here. My domain name is “solutions.com” and for my app domain I will use “solutionapps.com”
  • Click “Next”

New Zone Wizard

  • Click “Next”
  • Click “Finish”

DNS Manager

  • Right click on your new zone and select “New Alias (CNAME)…”
  • Fill in a * for “Alias name (uses parent domain if left blank)”
  • Click “Browse”
  • Double click on your server name
  • Double click “Forward Lookup Zones”
  • Double click the domain of your SharePoint environment. In my case this is “solutions.com”.
  • Select “(Same as parent folder)” and click “OK”
  • Click “OK”.

* Note that selecting the FQDN of the domain in here will only work in single server scenarios. If you are using more than one server you should be pointing to the DNS record of the web server in here. This is either the DNS A record for the web server, or the DNS record of the primary cluster address for NLB environments.

Create a CNAME

  • You are now done setting up your DNS and it should look like this:

DNS Manager

 

Option B: Create a subdomain to host your apps in

  • Go to “Start”
  • Click on “Administrative Tools”
  • Select “DNS”

Open DNS

DNS Manager

  • Right click on the name of your domain and select “New Alias (CNAME)…”
  • Fill in “*.app” for “Alias name (uses parent domain if left blank)”
  • Click “Browse”
  • Double click on your server name
  • Double click “Forward Lookup Zones”
  • Double click the domain of your SharePoint environment. In my case this is “solutions.com”
  • Select “(Same as parent folder)” and click “OK”
  • Click “OK”

* Note that selecting the FQDN of the domain in here will only work in single server scenarios. If you are using more than one server you should be pointing to the DNS record of the web server in here. This is either the DNS A record for the web server, or the DNS record of the primary cluster address for NLB environments.

Create a new CNAME

  • You are now done setting up your DNS and it should look like this:

DNS Manager

 

Configuring SharePoint

I’m assuming you already created an App Management and a Subscription Settings Service Application and that you already started the App Management and Subscription Settings services on your servers. If not this MSDN article will tell you how to. Note that you have to use PowerShell to create the Subscription Settings Service Application. There is no user interface for it.

Service Applications

Services on Server

  • Go to Central Administration
  • Click on “Apps” in the left side navigation
  • Click “Configure App URLs”
  • Fill in the URL of the app domain that you configured. If you choose to use Option A the url will be something like “solutionapps.com”, if you choose to use Option B it will look like app.solutions.com.
  • Fill in an app prefix. This can be anything you like, although it is best to keep this short. I used “app” myself.

Configure App URLs

Two example urls for two different apps on the same site are:
http://app-fef8493a3feb20.solutionapps.com/sites/apptest/[App1AppName]/Pages/Home.aspx
http://app-fef8493a3feb1d.solutionapps.com/sites/apptest/[App2AppName]/Pages/Default.aspx 
As you can see both apps have their own app hash, but both are in the same domain.

Beware of host headers

You are now ready to deploy your apps. Because of all this extra domain stuff though there are a few things you should know about your web applications and site collections.
If you are using a host header for your web application apps won’t just work for that web application. Because of how the redirect for the app domain works IIS will try to resolve the app url by using the default IIS web site, which of course doesn’t work. If you want to use host headers for your web applications you have to create an extra web application that is listening on port 80 (or 443 if you are using https) and that doesn’t have a host header.
This means that you have to create a web application like you normally would. You have to make sure that you select port 80 (or 443 if you are using https) and you should not fill in a host header. Note that you have to stop the Default Web Site in IIS in order to be able to do this. The web application will use the server name as its url. The web application can be empty except for a root site collection.

Another option is to use web applications without host headers and to create Host Header Site Collections. Be aware that Host Header Site Collections cannot be created via the user interface, they can only be created by using PowerShell.

Comments -
  1. Gravatar

    Excellent post - great write up!

      
  2. Gravatar

    Hi,

    I went through all the steps using B. Our domain is csdarchitects.com. I added the CNAME record using *.app. I changed in Central Admin the APP URL to app.csdarchitects.com with the prefix of app. I get the following error:

    http://app-173a9c1179a23c.app.csdarchitects.com is correct

    Am I doing something wrong?

      
  3. Gravatar

    Excellent post. It helped me getting through the build and deploy steps of SharePoint App but I am still running into issue when user clicks on the installed App. It goes to the correct SharePoint App address with isolated domain but it will keep prompt credential input box trying to connect to the App specific domain.

    Even after I configured IE Intranet security and added the wild card App URL to the trusted site in order to by pass the prompt, it still does not work.

    I was able to ping the App address and noticed Visual Studio 2012 Preview automatically added host file entrance for my SharePoint App.

    I ran out of idea as why this may happen. I tried option A and option B interchangeably with the same result. Occasionally and very rare after many tries (iisreset, restart App deployment, change target SharePoint site deployment and etc.) , I will get a prompt to my SharePoint domain credential, then I was successful and was able to view my App.

      
  4. Gravatar

    A pesar de qué en teoría es sencillo configurar un entorno de SharePoint 2013 para crear

      
  5. Gravatar

    Body: Tonight's episode covers a variety of very interesting topics, delivered in a marginally interesting

      
  6. Gravatar

    Body: This blog post was written about the Preview of SharePoint 2013. This behavior may be different

      
  7. Gravatar

    Hi,

    Excellent post! Thanks for the elaborate information!
    Did you mean to type Note instead of Not in this sentence?
    'Not that you have to stop the Default Web Site in IIS in order to be able to do this.'

    (Also you miss a c in the sentence after for can instead of an ;))

      
  8. Gravatar

    Thanks Caroline :-)

      
  9. Gravatar

    Nice post mirjam! I am also with the same issue as Sean Chen. Any help??

      
  10. Gravatar

    Mirjam, Thanks! Though shouldn't the plan B App Domain URL be "app.solutions.com" and not "apps.solutions.com"?

      
  11. Gravatar

    Thx for sharing!

      
  12. Gravatar

    Os dejo un primer recopilatorio de recursos sobre el nuevo modelo de Aplicaciones de SharePoint 2013

      
  13. Gravatar

    Great Article Thanks alot

      
  14. Gravatar

    THAT was a very excellent post! Thanks for getting me up to speed!

      
  15. Gravatar

    Hi Mirjam,

    great article!

    Just a suggestion to prevent IE to ask you credential for Apps in a different DNS domain, just add that domain in the local intranet zone (in your case Option A add *.solutionapps)

    in the Option B just add *.solutions.com.

    See you in Las Vegas!

      
  16. Gravatar

    Develop SharePoint 2013 Napa App In Local Dev Environment (Configuring On Premises without DNS)

      
  17. Gravatar

    Great stuff Mirjam. Thanks for writing it up!

      
  18. Gravatar

    If any of you ar efacing issue of login credential window being prompted again and again, when you click on an App and even after providing credentials it doesn't work then following is the solution,

    1. Click on Start -> Run and type regedit.
    2. Locate the key 3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    4. Right click on this key and choose New > DWord Value
    5. Name this one "DisableLoopbackCheck"
    6. Double-click then on it and type the value “1”
    7. Reboot your server. (Mostly not required)

    This helped me in resolving the issue.

      
  19. Gravatar

    An automated script is available:

    tomvangaever.be/.../prepare-sharepoint-2013-ser...

    Note: The dns settings are not in the script.

      
  20. Gravatar

    It's needed that the site which is going to have the Apps running have port 80 or 443?

    Sharepoint apps can be installed on sites witgh for example port 8080 or 81?

      
  21. Gravatar

    Two example urls for two different apps on the same site are:
    app-fef8493a3feb20.solutionapps.com/sites/apptest/[App1AppName]/Pages/Home.aspx
    app-fef8493a3feb1d.solutionapps.com/sites/apptest/[App2AppName]/Pages/Default.aspx

    How to get the AppUID of my APP.I mean the GUID.I am able to see the Product ID and Client SecretID in both App Manifest and Web.Config file in the Provider Hosted App.

      
  22. Gravatar

    Hi Vijay,

    If you are referring to the ID in the URL then that's generated when the App is installed. I don't think it's stored anywhere, but I also don't think you need it. SharePoint will generate it for you automatically.

    Hope that helps.

    Mirjam

      
  23. Gravatar

    Thanks for the response.yes i am referring to the GUID in the url of the app.If you say the ID will be generated once the app is installed.

    i want to access the app using the url format mentioned above in order to avoid cross site scripting.

    so in order to construct the url in the above format i need app prefix,app hash and appdomain.

    how to get my app prefix once the app is installed to construct the url in above format.

      
  24. Gravatar

    c4968397007:8000/.../viewlsts.aspx#newest

    I hope App InstanceID is the App hasn that you are referring.

    Please advice

      
  25. Gravatar

    Hi Jose,

    Apps can technically run on all ports that you configure.
    However seeing as they run on the same port as the web application that users access I would say that it's a best practice to run them on port 80 or 443.

    Mirjam

      
  26. Gravatar

    Hi Vijay,

    Microsoft created SP.RequestExecutor.js to help solve the cross site scripting challenge. See for examples on how to use it:
    msdn.microsoft.com/en-us/library/fp179927.aspx
    http://msdn.microsoft.com/en-us/library/fp161183(v=office.15).aspx

    Mirjam

      
  27. Gravatar

    Thanks Mirjan for the blogs.

      
  28. Gravatar

    Apps Setting up your App domain for SharePoint 201

      
  29. Gravatar

    Thank you for the helpful post. I'm having trouble viewing my app. I deploy from Visual Studio, go into my development site collection, click the app, and I'm presented with a slew of javascript errors:

    Object expected (a bunch of these)
    SP is undefined
    Sys is undefined
    _spBodyOnLoadFunctionNames is undefined

    I run Fiddler and find a bunch of 500 internal server errors and a few 401 unauthorized errors.

    Any ideas?

      
  30. Gravatar

    Resources Configure an environment for apps for Sh

      
  31. Gravatar

    Excellent read on the topic "Setting up your App domain for SharePoint 2013".. It would be help to all SharePoint.. Like me..!!! Go ahead..!!!

      
  32. Gravatar

    I did everything as mentioned above and followed the TechNet articles but I am getting
    Sorry, we can't seem to connect to the SharePoint Store. Try again in a bit.

    Any ideas?

      
  33. Gravatar

    cool stuff Mirjam. keep writing great work.

      
  34. Gravatar

    Summary: Chris Whitehead , Microsoft Certified Master (SharePoint 2010) and Premier Field Engineer based

      
  35. Gravatar

    Notes *Important – please note that if you are usi

      
  36. Gravatar

    Windbg In siutations like this, I tended to make u

      
  37. Gravatar

    Object expected
    SP is undefined
    Sys is undefined
    _spBodyOnLoadFunctionNames is undefined

    I run Fiddler and find a bunch of 500 internal server errors and a few 401 unauthorized errors.

    Any ideas?

      
  38. Gravatar

    I hope this is not stating the obvious, but in option A and B one of your steps says to -
    "Double click the domain of your SharePoint environment. In my case this is “solutions.com”".

    Please ensure that the correct HOST record is selected (i.e NLB host record/WFE host record).

    In your case above, you have everything hosted off the one machine so it'll just work.

      
  39. Gravatar

    Hi Mirjam ;
    Thank you for this great document. It was very helpful for me. But i am having problems with the hostheaders section. Everything is working fine but at the end i get 404 errors with the purchased apps. Can you give some more details about how to create the webapp without host headers ? If you can put a sample screenshot for that it would be very helpfull.
    Regards...

      
  40. Gravatar

    I have created my app domain, different user and deployed a default app to my site. This all works well, but when I open my app the javascript is not loaded, the stylesheet is corrupt.
    It seems that the app is not resolving the sharepoint site in which it must operate.

    What am I doing wrong?

      
  41. Gravatar

    Inorder to get the app working without javascript errors your webapplication has to be created with a hostheader!

      
  42. Gravatar

    Hi Martijn,

    You definitely do NOT have to create a web application with a host header to avoid JavaScript errors.
    There might be a problem with you browser that is causing the issues, like trusted site settings, or internet/intranet zone settings. There are basically many things that could be causing this, unfortunately it is impossible to tell based on this information.
    I do want to stress that the problem is not caused by the fact that there isn't a host header though.

    Kind regards,
    Mirjam

      
  43. Gravatar

    @Mirjam
    Thank you for describing the host header conflict.

    @Abbas
    Thank you for the registry solution (DisableLoopbackCheck=1) to fix that authentication problem.

    World is full of cool people.

      
  44. Gravatar

    You explained it perfectly, really good post, who follows the instructions will not have any problems. Thank you, cheers!

      
  45. Gravatar
    Y.K

    Hi Mirjam,

    not clear to me -

    if i'm using a host header web application
    and i want it to consume my app catalog for that web application,
    when you say add another non - host header web application - do you mean that i need to add additional non-host header IIS site to same Web Application (such as using the "extend" option in the CA for the my "original" hosted header web application) ???

      
  46. Gravatar

    Hi Y.K,

    You don't have to extend a web application.
    What you should do if all your web applications have host headers right now is to create a completely new Web Application and for that you shouldn't select a host header. In that Web Application you should create a root site collection. You don't have to do anything else with that web application. You don't have to give users access to that web application either. All you have to do is make sure that it's there.

    Hope that helps.

    Kind regards,
    Mirjam

      
  47. Gravatar
    AK

    Just to be clear, if we have a seperate dns server, we should do all the dns configurations there in that server right?
    we always used server names / IPs in the url so this is a bit new for us

      
  48. Gravatar
    Y.K

    Hi Mirjam,

    Thank you very much for the quick & sharp answer.
    Indid, creating empty non-host header 80 port web application with root site collection solved the issue.
    Now, my last question is regarding my specific configuration -
    Since i'm using all my application also from the internet I created extended web application for each one with External internet IP + DNS A record. But when trying to access the downloaded app, the redirect fails.
    Of course, internally it works great.

    Question is -

    Taking in consideration the fact that I need to consume my downloaded apps from the internet via extended web applications, what ADDITIONAL settings should I do so my apps can work from outside ? do I need do define a general outside DNS A record for my 80 port ? how it works ?

    Hope i'm clear enough,
    Y.K

      
  49. Gravatar

    Does anyone have a complete solution for this? For something that should be simple it seems unnecessarily complex and the Microsoft documentation is garbage as usual. Anyone? This is 1 step of many. Where's the whole process?

      
  50. Gravatar

    Sharepoint App Development

      
  51. Gravatar
    Y.K

    Anyone ?

      
  52. Gravatar

    Thanks Mirjam!

      
  53. Gravatar

    Is there an update for this article to include the March update?

      
  54. Gravatar

    When a user connects to the Sharepoint Store. Are they making the connection form their desktop, or is the web connection coming from the server farm?

      
  55. Gravatar

    Hi Patrick,

    The connection to the App Store is made from the server.

    Kind regards,
    Mirjam

      
  56. Gravatar

    Hi AK,

    Yes correct, you can do your DNS configurations on your DNS server.

    Mirjam

      
  57. Gravatar

    Hi Y.K,

    Until you install the March 2013 Public Update (PU) you can only get apps to work in the default zone. This means that it won't work on any extended web applications. The March Public Update will fix this. Make sure to test before you install it on production though as it can introduce some other issues into your environment.

    Kind regards,
    Mirjam

      
  58. Gravatar

    Hi ,

    I tried with the first approach and added a DNS entry with another domain.
    But when i try to ping the domain using cmd prompt it doesn't get resolved . I am using a Virtual machine which has its own domain .

    Am i doing smthing wrong????

      
  59. Gravatar

    Same story as many other posters.

    No Kerberos, internet-facing web app, dns is fine, loopback check disabled, *.appdomain.com in Trusted IE zone (and apps show as being in Trusted zone once we go there).

    Each and every single app prompts for a login once, then is fine for the existing browser session once the user provides credentials. The moment a user closes their browser, the prompts begin for every app once again.

    Any other ideas?

      
  60. Gravatar

    Hi

    we have our intranet on port 80 then creating a new webapplication its complaing about the portis

    Sorry, something went wrong
    The IIS Web Site you have selected is in use by SharePoint. You must select another port or hostname.

      
  61. Gravatar

    Hi again

    iget this error

    Sorry, something went wrong
    The IIS Web Site you have selected is in use by SharePoint. You must select another port or hostname.

    colud i our should i extend mysite and intranet to map to Another ports? and us AAM

    Regards Tommy

      
  62. Gravatar
    Ram

    Hi Tommy ,

    you have to stop the Default Web Site in IIS in order to run your intranet on port 80 :)


    Regards,
    Ram

      
  63. Gravatar
    cha

    subdomain note clarification:
    domain is solutionapps.com
    sharepoint site is sp.solutionapps.com

    within configure app url set app domain = app.solutionsapps.com
    app prefix = app

    dns looks like this:
    dns entry *.app.solutionsapps.com
    FQDN = sp.solutionsapps.com

    before these changes, my browser could not find site because dns was redirected to root level of dns. You need to clarify subdomain as app.solutionsapps.com along with prefix app.

      
  64. Gravatar

    great stuff Mirjam.... thanks for sharing

      
  65. Gravatar

    Thanks Alot...!

      
  66. Gravatar

    Hi,

    I am getting this error :

    string bearerResponseHeader = e.Response.Headers["WWW-Authenticate"];

    Can you please help me ?


    Thanks,
    Jiniv Thakkar

      
  67. Gravatar

    Has anyone followed this guide and then received a "Sorry, we can't seem to connect to the SharePoint Store. Try again in a bit."

    I have doubled check everything. Anything I am missing?

    SharePoint Server 2013
    Windows 2008 R2 Standard

      
  68. Gravatar

    Hi Mirijam,
    Great article. learnt a lot, thank you.
    In a couple of places where I wasn't clear / got stuck, I found the step by step instructions with screenshots from this site very useful:
    www.naumanahmed.com/.../...management-service.html

    Keep up the good work.

    Mubbasher.

      
  69. Gravatar

    I tried the same thing - I created an extra Web App on port 443 (since we're using HTTPS). After that when I browse Apps, all I see is white blank page. Please help me!!!

    Thanks in advance,
    Ashish

      
  70. Gravatar

    Configuring SharePoint 2013 Apps and Multiple Web Applications on SSL with a Single IP Address

      
Comments have been closed on this topic.