What is SharePoint Provider Hosted App

“SharePoint Provider Hosted App” is now officially called as ‘SharePoint Provider Hosted Add-in’ by Microsoft. In rest of the article “App” will be denoted as “Add-in”.

SharePoint Provider Hosted Add-ins contains components that are deployed and hosted outside SharePoint farm. Their installation occurs in host web; however, their remote components are hosted in an isolated server/domain.

SharePoint Hosted Add-ins have a fixed hosting pattern, as they are hosted in Add-in-web. “Provider Hosted Add-in” provides better flexibility for hosting various components of your “Add-in”. If you want to create an application, you need to match your goals and requirements with the appropriate hosting pattern. One of the most important question you need to ask while considering “Provider Hosted Add-ins” and how you want to build them is ‘How Add-in will receive authorization to interact with SharePoint?’.

Provider Hosted Add-ins provide you two options through which you can interact with SharePoint:

1. JavaScript cross-domain library
2. OAuth.

JavaScript cross-domain library
JavaScript cross-domain library allows you to interact with more than one domain from remote components of your add-in through proxy. Cross-domain library is a good option under following two conditions:

1. If client-side code and the permissions assigned to user in SharePoint are sufficient (Read permissions to library).
2. Whenever you are making remote calls through a firewall.

OAuth
OAuth is an open protocol that enables secure authorization from client applications (desktop, web, and mobile applications) in a manageable way. OAuth is required whenever you are calling into SharePoint from a web application that is remotely hosted and can’t use client-side code (HTML + JavaScript) exclusively.

While using Provider hosted Add-in with Azure (Cloud) web deployment and Office 365, you need ‘Microsoft Azure Access Control Service (ACS)’ as the trust broker between Azure (Cloud) Web and Office 365 SharePoint site. But while deploying add-in in ‘On-premises SharePoint 2013’ site, it needs Server certificates along with ACS to enable High-Trust between add-in and SharePoint. These certificates should be installed on SharePoint on-premises server to enable trust between add-in and SharePoint.

Below table lists out all possible patterns for hosting both SharePoint components and remote components of your add-in, along with trust brokers which are available to you in case you are using OAuth.

What is SharePoint-hosted add-in?

SharePoint-hosted add-ins are hosted either on ‘On-premises’ or ‘Office 365 SharePoint farm’, and all its components (i.e. app parts, custom pages, custom lists, etc.) are deployed on SharePoint farm.

Host web: The SharePoint site where an add-in is installed.

Add-in web: An add-in installed on Host web will contain all its resources on an isolated website called Add-in web.

Important Notes:

1. SharePoint-hosted add-in components are hosted in an isolated add-in domain.
2. SharePoint-hosted add-in gets authorized using Logged-in user privileges.
3. SharePoint-hosted add-ins will support only HTML, JavaScript, and CSS to deploy code. It won’t support C# or Managed code.
4. Relatively easy to create and deploy, so suits for small team productivity add-ins and business process automation with lower complexity business rules.
5. SharePoint-hosted add-ins are best to use only when HTML, CSS, and JavaScript (JSOM, Rest API) can fulfill your business requirements.

Source: https://msdn.microsoft.com/en-us/library/office/fp179930.aspx