HOW TO: Publish a LightSwitch App (high-trust) to SharePoint On-Premises environment

This post is a contribution from Raghavendra B Nanjaiah, an engineer with the SharePoint Developer Support team.

This post provides the steps to publish a LightSwitch app to a SharePoint On-Premises environment.  Hope you will find this useful.

Section 1: Create issuer ID (same as high-trust app)

1. Check whether a previously registered SPTrustedSecurityTokenIssuer exists.  If there's a malfunctioning one and the -IsTrustBroker switch was used, the bad token issuer might be getting called.  If this is the first time you are configuring high-trust apps, you can skip steps a & b below.

a. Run Get-SPTrustedSecurityTokenIssuer.  If no Azure workflow is configured, this command should return nothing.  If you get any issuer apart from the workflow one, delete it with the command in step b.

b. Run Remove-SPTrustedSecurityTokenIssuer (pass the Id value from the output of the above command).

2. Create a new SPTrustedSecurityTokenIssuer by running the script below, passing your SharePoint Developer site URL and the path of the certificate (.cer) that you will use to sign the token (you need to create a self-signed cert).  For more information see:

Take note of $issuerId = "447f40c6-99df-4d37-9739-5370102489f7" in the script below.  We'll be using it later.

param(
    [Parameter(Mandatory=$true)][string] $TargetSiteUrl,
    [Parameter(Mandatory=$true)][string] $CertPath = $(throw "Usage: ConfigureS2SApp.ps1 <TargetSiteUrl> <Certificate>")
)
# On error, stop
$ErrorActionPreference = "Stop"
# Add the SharePoint snap-in (uncomment when not running in the SharePoint Management Shell)
# Add-PSSnapin Microsoft.SharePoint.PowerShell
function ConfigureS2SApp([string]$TargetSiteUrl, [string]$CertPath)
{
    #Write-Host "Configuring with parameters $appTitle , $TargetSiteUrl , $CertPath"
    Write-Host "you passed" $TargetSiteUrl $CertPath -ForegroundColor Green
    $issuerId = "447f40c6-99df-4d37-9739-5370102489f7"
    $spweb = Get-SPWeb $TargetSiteUrl
    $realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
    # The registered issuer name has the form <issuer id>@<realm>
    $fullAppIdentifier = $issuerId + '@' + $realm
    $certificate = Get-PfxCertificate $CertPath
    New-SPTrustedSecurityTokenIssuer -Name $issuerId -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier -IsTrustBroker
    # Optional: turn off the HTTPS requirement so a SharePoint site running on http still works with the high-trust app.
    # Access tokens then travel unencrypted, so skip these three lines when SharePoint is served over https.
    $serviceConfig = Get-SPSecurityTokenServiceConfig
    $serviceConfig.AllowOAuthOverHttp = $true
    # Persist the change to the security token service configuration
    $serviceConfig.Update()
}
ConfigureS2SApp $TargetSiteUrl $CertPath
# done
Write-Host "S2S is now configured" -ForegroundColor Green
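
A read-only check of what Section 1 configured, added here as an example and not part of the original post: it confirms that the issuer is registered under the expected `<issuer id>@<realm>` name, that its signing certificate is the one in your .cer file, and whether OAuth over HTTP has been left enabled. The function name `Test-S2SIssuer` and the sample URL and certificate path are assumptions.

```powershell
# Added example (not from the original post). Test-S2SIssuer is a hypothetical helper name.
# Run it in the SharePoint Management Shell on a farm server; it changes nothing.
function Test-S2SIssuer {
    param(
        [Parameter(Mandatory=$true)][string] $TargetSiteUrl,
        [Parameter(Mandatory=$true)][string] $CertPath,
        [Parameter(Mandatory=$true)][string] $IssuerId
    )

    # Rebuild the registered issuer name the same way the configuration script does
    $spweb = Get-SPWeb $TargetSiteUrl
    try {
        $realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
    } finally {
        $spweb.Dispose()
    }
    $expectedName = $IssuerId + '@' + $realm

    # Certificate on disk versus the certificate SharePoint will validate tokens against
    $cert   = Get-PfxCertificate $CertPath
    $issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $IssuerId }
    $sts    = Get-SPSecurityTokenServiceConfig

    $signing = $null
    $expires = $null
    if ($issuer) {
        $signing = $issuer.SigningCertificate
        if ($signing) { $expires = $signing.NotAfter }
    }

    [pscustomobject]@{
        IssuerFound           = [bool]$issuer
        RegisteredNameMatches = [bool]($issuer -and $issuer.RegisteredIssuerName -eq $expectedName)
        ThumbprintMatches     = [bool]($signing -and $signing.Thumbprint -eq $cert.Thumbprint)
        SigningCertExpires    = $expires
        OAuthOverHttpAllowed  = $sts.AllowOAuthOverHttp
        SiteUsesHttps         = $TargetSiteUrl -like 'https://*'
    }
}

# Placeholder URL and path; the issuer ID is the one used in the script above
Test-S2SIssuer -TargetSiteUrl "https://sharepoint.example" `
               -CertPath "C:\certs\example-hightrust.cer" `
               -IssuerId "447f40c6-99df-4d37-9739-5370102489f7"
```

A result with `OAuthOverHttpAllowed` true and `SiteUsesHttps` true means the HTTP exception from the configuration script is still on although the site no longer needs it.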

Section 2: Enable SharePoint on LightSwitch app and publish

1. Right-click the LightSwitch project, go to Properties, and choose the SharePoint tab.

2. Enable SharePoint on the project (this adds the SharePoint-related files to the LightSwitch project, e.g., SharePointLaunch.aspx).


3. Right-click on the project and click Publish.

4. Select Provider-hosted in SharePoint options.


5. Select IIS server since we will not be using Azure to host LightSwitch app.


6. Select Create Package on disk from the next screen.


7. Select the "users must connect using Https" option.


8. Choose the appropriate data settings for your LightSwitch app.


9. Select "use a certificate for a high-trust configuration" and provide the certificate details and the issuer ID we generated in Section 1 of this post.


10. Choose the web app where LightSwitch will be hosted and provide a Client ID (you can generate your own GUID using Visual Studio or PowerShell).


11. Create the app principal by running the commands below in PowerShell.

$clientId = "<Your Client ID>"
$spweb = Get-SPWeb "http://mspx2013"
$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
$fullAppIdentifier = $clientId + '@' + $realm
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName "SimpleHTApp"
Set-SPAppPrincipalPermission -Site $spweb -AppPrincipal $appPrincipal -Scope Site -Right FullControl

12. The summary screen should look like below.


13. From the published folder, upload the .app file to the SharePoint Developer Site.


14. Host the LightSwitch app in a different IIS web site (e.g., https://localhost:9090).

15. When you click on the SampleLightSwitch app you will be redirected to the actual LightSwitch app that’s hosted in your IIS server.


Comments (5)

  1. Bogopolskiy says:

    Thank you for the useful article, but it seems that some extra steps should be performed before this configuration begins to work. I have an SP2013 farm on-premises and a custom LS app deployed to IIS on another server as you described above. I went through all the steps you wrote. The app works fine when I run it by F5 (it opens with URL https://localhost:44300/HTMLCLient/…). But it doesn't work when I install it on some site from the app gallery. Redirecting to… produces the ASP.NET error "Value cannot be null. Parameter name: sharePointHostData" in the line 141 "SharePointHost sharePoint = application.SharePoint" of SharePointLaunchBase.cs according to NET.Reflector. Please point me to how to troubleshoot this error. Where does the negotiation process between IIS and SPFarm go wrong? Thank you

  2. Cesar says:

    No updates on the sharePointHostData error?

  3. What is the Client-ID? says:

    Since this is somewhat new to me I have to ask a couple of naïve questions: 1) What is the client id? Where do I look this up? I want to use on-premises; 2) What kind of certificate is this? Do I have to create it or is this from a Certificate Authority (enterprise-wide or public)?