Problem Statement
Users who have full permission on the SharePoint site can delete the mandatory provider-hosted apps developed to handle remote events such as List Added, Item Added, etc.
If a user removes such an app, by mistake or intentionally, the logic written to handle the remote events no longer executes, which creates overhead for the governance/monitoring job.
Workaround
Deploy the mandatory apps from the app catalog, as explained here
Optimal Workaround
- Remove the RER code from the List Settings App (Samples.RER.App) and configure full tenant permissions so that we can attach the RER to any Web or List across the tenant.
- Instead of installing the List Settings app (Samples.RER.App) in all the sites, install the app only in the App Store site so that we have an app principal (app id and secret) that is trusted in our tenant.
- Don’t deploy the remote web (Samples.RER.AppWeb) that gets created with the List Settings App project (provider hosted).
Note: I assume you do not have any functionality written on the remote web that gets created with the List Settings App.
- Create a web project (Samples.RER.Service) that implements the IRemoteEventService interface. This means it must implement the ProcessEvent and ProcessOneWayEvent methods. Make sure that the project also contains the TokenHelper.cs class. The ClientContext object is created from an app-only access token, so this code differs from the code normally used for a RER.
- Go back to our web project (Samples.RER.Service) and plug in the app id and secret for the List Settings App in the web.config file.
- Deploy the app web project (Samples.RER.Service) to Azure.
- Use PowerShell/C# to add/remove receivers to different sites and for different events.
- When the event occurs, SharePoint will reach out to the WCF Service URL with the event properties object (SPRemoteEventProperties).
The advantage of this setup is that you can keep updating your web project (Samples.RER.Service), deploy it to Azure, and then use PowerShell/C# to add/remove receivers to different sites and for different events. There is no need to deploy, remove, or redeploy the app to attach the receivers.
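The add/remove step described above could look like the following C# sketch, which is an added example and not code from the original post. `ReceiverAdmin`, the receiver name parameter, the sequence number and the HTTPS check are assumptions; the code expects to be compiled in a project that contains TokenHelper.cs with the app id and secret in its configuration file.

```csharp
using System;
using System.Linq;
using Microsoft.SharePoint.Client;

// ReceiverAdmin is a hypothetical helper; TokenHelper is the project's TokenHelper.cs.
public static class ReceiverAdmin
{
    // App-only context: uses only the app id and secret from the configuration file.
    static ClientContext CreateAppOnlyContext(string webUrl)
    {
        var web = new Uri(webUrl);
        string token = TokenHelper.GetAppOnlyAccessToken(TokenHelper.SharePointPrincipal,
            web.Authority, TokenHelper.GetRealmFromTargetUrl(web)).AccessToken;
        return TokenHelper.GetClientContextWithAccessToken(webUrl, token);
    }
    // Attaches the service to a list; returns false if the name is already registered.
    public static bool Attach(string webUrl, string listTitle, string name,
                              EventReceiverType type, string serviceUrl)
    {
        if (new Uri(serviceUrl).Scheme != Uri.UriSchemeHttps) // added check (assumption)
            throw new ArgumentException("Receiver URL must be HTTPS", nameof(serviceUrl));
        using (ClientContext ctx = CreateAppOnlyContext(webUrl))
        {
            var receivers = ctx.Web.Lists.GetByTitle(listTitle).EventReceivers;
            ctx.Load(receivers);
            ctx.ExecuteQuery();
            if (receivers.Any(r => r.ReceiverName == name)) return false;
            receivers.Add(new EventReceiverDefinitionCreationInformation {
                EventType = type, ReceiverName = name,
                ReceiverUrl = serviceUrl, SequenceNumber = 1000 });
            ctx.ExecuteQuery();
            return true;
        }
    }
    // Removes every receiver with this name from the list; returns the number removed.
    public static int Detach(string webUrl, string listTitle, string name)
    {
        using (ClientContext ctx = CreateAppOnlyContext(webUrl))
        {
            var receivers = ctx.Web.Lists.GetByTitle(listTitle).EventReceivers;
            ctx.Load(receivers);
            ctx.ExecuteQuery();
            var matches = receivers.Where(r => r.ReceiverName == name).ToList();
            matches.ForEach(r => r.DeleteObject());
            ctx.ExecuteQuery();
            return matches.Count;
        }
    }
}
```

Because the app principal holds full tenant permissions, the same calls can also be run on a schedule to re-attach a receiver that a site owner has removed.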
Thank you, Srinivas (MS PFE), for this idea.
