COURSE OVERVIEW The Great Office 365 Adventure Duration: 5 days It's no secret that Microsoft has been shifting its development strategy away from the SharePoint on-premises environment to focus on the Office 365 environment and Windows Azure. Microsoft introduced the SharePoint add-in model (formerly known as the SharePoint app model) with the release of SharePoint 2013. Then in October of 2014 Microsoft announced a new and distinct development platform for Office 365 based on Azure Active Directory and the Office 365 APIs. As a consequence, many professional developers with SharePoint development experience are beginning to feel that their skillsets have become outdated and need an extreme makeover to catch up and keep pace with the constantly-evolving Office 365 platform. The Great Office 365 Adventure is an intensive five-day training course which provides a comprehensive examination of the different styles in which a professional developer can create custom software solutions for the Office 365 environment and SharePoint Online. The course begins by teaching essential client-side programming techniques including how to create Office add-ins and SharePoint-hosted add-ins using Visual Studio, JavaScript, jquery, the JavaScript API for Office, the SharePoint REST API and the AngularJS framework. Once students have learned how to develop SharePoint-hosted add-ins, the course then examines using JavaScript injection and embedded scripts in SharePoint Online to create custom solutions that do not suffer from the limitations imposed by the SharePoint add-in model. The course also teaches essential server-side programming techniques including how use Visual Studio and the ASP.NET MVC framework to create provider-hosted add-ins for SharePoint Online and to create custom web applications that access content in the Office 365 environment using the Office 365 APIs. Students will learn best practices in Office 365 security programming such as how to acquire and manage access tokens using Azure Active Directory (AAD). Along the way, students will be exposed to essential Microsoft frameworks for server-side development including MVC, Entity Framework, Web API 2, Open Web Interface for.net (OWIN) and Microsoft's Katana project. All instructor demonstrations and student lab exercises will be conducted live inside the Office 365 environment.
While not covered comprehensively, the course does contain material that can be used to prepare students for the following Microsoft Certification Exams: 70-480: Programming in HTML5 with JavaScript and CSS3 70-486 : Developing ASP.NET MVC web applications Student Prerequisites Attendees should be in good health and should have professional development experience with Visual Studio, C#, the.net Framework, ASP.NET, JavaScript and jquery. It is also recommended that attendees have previous hands-on experience with the SharePoint platform as well as experience using AngularJS and ASP.NET MVC. Course Agenda Day 1 Day 2 Day 3 Day 4 Day 5 Office 365 Developer Roadmap Programming the SharePoint REST API Getting Started with Providerhosted Add-ins Developing SharePoint Add-ins with Remote Event Receivers Authenticating with Azure Active Directory and OAuth 2.0 Developing Office Addins Developing SharePoint Add-ins with AngularJS Developing Providerhosted Add-ins using MVC5 Developing Custom Web Services using Web API 2 Getting Started with the Office 365 APIs Developing SharePointhosted Addins Extending SharePoint Online using JavaScript Injection Programming the Client-side Object Model (CSOM) Publishing and Installing Addins in the Office 365 Environment Developing MVC5 applications using the Office 365 Unified API Developing SPAs with AngularJS and the Office 365 Unified API
Module 01: Office 365 Developer Road Map This module provides an introduction to Office 365 as a development platform and discusses the different approaches that can be used to develop custom software solutions for Office 365 and SharePoint Online. The module provides an overview of the Office add-in model and the SharePoint add-in model and then discusses the types of solutions that can be created using them. The module also discusses alternatives approaches for Office 365 development including the use of JavaScript injection in SharePoint Online and developing applications that program against the Office 365 APIs. The module walks through setting up an Office 365 development environment which includes an Office 365 Developer site, an Office 365 tenancy and a directory in Azure Active Directory (AAD). The module also explains how to obtain a Windows Azure subscription which makes it possible to deploy ASP.NET applications to the Azure cloud and to create and configure AAD applications using the Windows Azure Management Portal. Office 365 Development Platform Overview The Office Add-in Model The SharePoint Add-in Model JavaScript Injection and Embedded Scripts Development using the Office 365 APIs Understanding Office 365 Tenancies and Azure AD Directories Hands-on Lab: Getting Started with SharePoint Add-in Development Exercise 1: Creating a New Office 365 Developer Site Exercise 2: Getting Around in an Office 365 Tenancy Exercise 3: Creating and Debugging a Simple SharePoint-hosted Add-in Exercise 4: Accessing a Directory in AAD using the Windows Azure Management Portal Module 02: Developing Office Add-ins This module begins by introducing the Office Add-in model and discussing the different types of Office add-ins which can be used in Office 365 development. Students will learn how to leverage the JavaScript API for Office to read and write content to and from the current Office document when developing a Task Pane add-in or a Content Add-in. Students will also learn how to create data bindings to specific content regions in an Office document to enable callback notifications from the host Office application whenever a user updates content. The module also demonstrates how to use coercion types and Office Open XML formats to provide an advanced technique for programmatically adding formatted content into a Word document. The module concludes with a discussion of Mail add-ins and a walkthrough of the steps required to create and debug a Mail add-in project using Visual Studio and an Exchange mailbox in the Office 365 environment.
Introduction to the Office Add-in Model Working with the JavaScript API for Office Developing Task Pane Add-ins and Content Add-ins Working with Coercion Types and Open XML Formats Creating and Debugging a Mail Add-in using Visual Studio Hands-on Lab: Creating and Debugging Office Add-ins Exercise 1: Creating a Task Pane Add-in for Microsoft Word Exercise 2: Writing Content to a Word Document Using Coercion Types Exercise 3: Writing Content to a Word Document using Office Open XML Exercise 4: Creating and Debugging a Mail App using Visual Studio Module 03: Developing SharePoint-hosted Add-ins This module begins by examining the architecture of a SharePoint-hosted add-in and discussing the role of the add-in web (formerly known as the app web). Students will learn why SharePoint Online creates a new add-in web within its own isolated DNS domain each time a SharePoint-hosted add-in is installed. Students will learn about the default permission set granted to a SharePoint add-in as well as how to elevate to higher levels of permissions by including permissions requests in the add-in manifest. The module also examines user interface design issues with SharePoint-hosted add-ins such as whether to create pages using ASPX files versus using HTML files and whether to design a SharePoint-hosted add-in project as a multipage application or a single page application (SPA). The module also demonstrates how to extend the user interface of the host web with a SharePoint-hosted add-in by creating custom add-in parts (formerly app parts) and user custom actions. SharePoint-hosted Add-in Architecture Understanding the Add-in Web and the Isolated Add-in Web Domain Add-in Permissions and Permission Request User Interface Design for SharePoint-hosted Add-ins Adding Add-in Parts to a SharePoint-hosted Add-in Project Adding User Custom Actions to a SharePoint-hosted Add-in Project Hands-on Lab: Developing Add-in Parts in a SharePoint-hosted Add-in Exercise 1: Creating a SharePoint-hosted Add-in as an SPA Exercise 2: Creating and Testing a Simple Add-in Part Exercise 3: Extending an Add-in Part with Custom Properties Exercise 4: Using User Custom Actions to create ECB Menus Items and Ribbon Button
Module 04: Programming the SharePoint REST API This module begins with a quick primer on the fundamentals of REST and the OData protocol. Next, the module examines the architecture and the functionality of the SharePoint REST API provided by SharePoint Online. Students will learn how to formulate REST URIs which target SharePoint objects such as sites, lists and list items and how to execute asynchronous REST API calls using the jquery library. The module steps through how to use the SharePoint REST API to implement the full range of CRUD behavior in a SharePoint-hosted add-in by creating, reading, updating and deleting items in a SharePoint list. The module demonstrates how to implement paging with SharePoint list items using skip tokens returned by the SharePoint REST API. Students will also learn advanced OData programming techniques in SharePoint Online for dealing with the request digest and using verbose metadata and etags to implement optimistic concurrency when performing updates. Introduction to the SharePoint REST API Creating REST URIs to Target SharePoint Objects Consuming OData Results from the SharePoint REST API Paging SharePoint List Items using $skiptoken Adding and Updating Items using the SharePoint Rest API Hands-on Lab: Programming with the SharePoint REST API Exercise 1: Getting the SharePointCRM Starter Project Up and Running Exercise 2: Querying Items in a SharePoint List using the SharePoint REST API Exercise 3: Adding and Deleting List Items with the SharePoint REST API Exercise 4: Updating Existing List Items using Optimistic Concurrency Module 05: Developing SharePoint Add-ins with AngularJS This module provides a quick and intensive introduction to development using the AngularJS framework. Students will learn how to use AngularJS to develop a SharePointhosted add-in that is designed as a single page applications (SPA). The module explains what features the AngularJS framework provides as well as in which scenarios it makes sense to use them. Students will learn essential AngularJS concepts and techniques such as creating a custom Angular routing scheme using custom controllers and custom views. Students will also learn the AngularJS best practice of separating data access code which calls to the SharePoint REST API by creating a custom AngularJS service. The module concludes by discussing the forthcoming releases of AngularJS 2.0 and ECMAScript 6.0 and what developers can expect when migrating development projects created using AngularJS 1.0. Introduction to AngularJS
Understanding Angular Modules and Code Injection Working with Angular Routes, Views and Controllers Programming with the Built-in Angular Services Creating a Custom Angular Service to Access the SharePoint REST API What's Coming Next with AngularJS 2.0 and ECMAScript 6 Hands-on Lab: Creating a SharePoint-hosted Add-in using Bootstrap and AngularJS Exercise 1: Creating a SharePoint-hosted Add-in using Bootstrap and AngularJS Exercise 2: Implementing AngularJS Views, Controllers and Routing Exercise 3: Adding a Custom Service to Call the SharePoint REST API Exercise 4: Creating, Updating and Deleting SharePoint List Items Module 06: Extending SharePoint Online using JavaScript Injection The module begins by explaining the central concept of JavaScript injection where scripts containing custom JavaScript code are uploaded to SharePoint Online and executed using the permissions of the current user. Students will learn to get started with JavaScript injection using the Script Editor Web Part. Next, students will learn how to extend a SharePoint site by adding new pages and custom JavaScript code which makes use of the JavaScript Object Model (JSOM) and the SharePoint REST API. The module explains how to design an effective approach for loading JavaScript library dependencies as well as how to execute custom JavaScript code with user custom actions such as ribbon buttons, ECB menu items and ScriptLinks. The module concludes by demonstrating how to use JavaScript injection in a custom solution to provision lists and document libraries in SharePoint Online and to customize list views using client-side rendering with JSLink and custom display templates. Understanding How JavaScript Injection Works in SharePoint Online Programming the JavaScript Object Model (JSOM) Loading JavaScript Library Dependencies Executing Custom JavaScript Logic with User Custom Actions Provisioning Lists and Document Libraries in SharePoint Online Customizing SharePoint List Views using JSLink and Display Templates Hands-on Lab: Developing and Debugging a Provider-hosted Add-in Exercise 1: Getting Started with the Script Editor Web Part Exercise 2: Programming the JavaScript Object Model (JSOM) Exercise 3: Executing Custom JavaScript Logic with User Custom Actions Exercise 4: Creating a Custom Solution to Provisioning SharePoint Lists Exercise 5: Customizing SharePoint List Views using JSLink and Display Templates
Module 07: Getting Started with Provider-hosted Add-ins The module begins by examining the architecture of a provider-hosted add-in and describing the details of how SharePoint Online launches a provider-hosted add-in by redirecting the user to a start page in the remote web. Students will learn how to decide between Web Forms and the MVC framework when creating a new provider-hosted addin project as well as when to leverage the SharePoint Chrome Control when designing the user interface experience. The module also discusses how to design and implement a provider-hosted add-in as a single page application (SPA) which deploys client-side JavaScript code to the remote web which is able to program against the host web using the Cross Domain Library. The module also explains how provider-hosted add-ins with server-side code rely on external authentication using the OAuth 2.0 protocol. Students will learn how to write server-side code using the SharePointContext class and the TokenHelper class to acquire and manage access tokens. Architecture of a Provider-hosted Add-in Choosing Between Web Forms and the MVC Framework Creating a Provider-hosted Add-in as a Single Page Application (SPA) Knowing When and How to use the Cross Domain Library Implementing OAuth 2.0 Security using SharePointContext and TokenHelper Hands-on Lab: Developing and Debugging a Provider-hosted Add-in Exercise 1: Creating a Provider-Hosted Add-in that uses Web Forms Exercise 2: Creating a User Interface using a Master Page and the Chrome Control Exercise 3: Writing Server-side Code to Acquire and Manage Access Tokens Exercise 4: Creating an SPA that uses the Cross Domain Library Module 08: Developing Provider-hosted Add-ins with MVC The module discusses how to design and develop a provider-hosted add-in using the MVC framework in ASP.NET. Students will learn how to add controllers and views to an MVC application as well as how to integrate these MVC components into a provider-hosted add-in project in Visual Studio. The module teaches students how to leverage controllers and views in MVC when developing a provider-hosted add-in containing add-in parts and user custom actions. The module also provides students with an introduction to creating custom databases in a cloud-friendly fashion using Entity Framework and the code-first approach to entity modeling. After seeing how Entity Framework can be used to create an entity model and a custom database, students will then be shown how to leverage an entity model in an MVC application by creating a strongly-typed controller class which
makes it easier and more error proof to develop MVC views which intermix HTML and C# code. Designing and Developing a Provider-hosted Add-in using MVC Implementing Add-in Parts using MVC Controllers and Views Implementing User Custom Actions using MVC Controllers and Views Creating a Custom Database for Persistent Storage using Entity Framework Creating a Strongly-typed Controller Class using an Entity Framework Model Hands-on Lab: Developing a Provider-hosted Add-in using the MVC Framework Exercise 1: Creating a Provider-Hosted Add-in that uses the MVC Framework Exercise 2: Designing and Implementing Add-in Parts using MVC Exercise 3: Using Entity Framework to Create a Custom Database Exercise 4: Creating a Strongly-typed Controller Class using an Entity Framework Model Exercise 5: Caching SharePoint State and User Data Across Requests Module 09: Programming the Client-side Object Model (CSOM) This module introduces students to programming with the Client-side Object Model (CSOM) in SharePoint Online. Emphasis will be placed on using CSOM when writing server-side C# code to implement the remote web of a provider-hosted add-in. Student will learn the various ways in which CSOM can be used to authenticate the user and to authenticate the SharePoint add-in itself. Students will learn CSOM programming techniques for provisioning site columns, content types, lists and document libraries in the host web. Along the way, students will also learn how to optimize CSOM calls across the network and how to utilize CSOM's support for remote exception handling when executing CSOM commands in batches. Understanding CSOM Architecture Writing Code to Authenticate Users and Add-ins Optimizing CSOM Communications Across the Network Writing CSOM Code using Remote Exception Handling Using CSOM to Create Site Columns, Content Types and Lists Hands-on Lab: Programming a Provider-hosted Add-in using the CSOM
Exercise 1: Creating a Provider-hosted Add-in that Uses CSOM Exercise 2: Programing CSOM to Query the Set of Lists in the Host Web Exercise 3: Programing CSOM to Create a List in the Host Web Exercise 4: Programing CSOM to Create Site Columns and Content Types Module 10: Developing SharePoint Add-ins with Remote Event Receivers This module discusses when and how to use remote event receivers in the design of a provider-hosted add-in. The module discusses the architectural differences between "before events" which are modeled as two-way events and "after events" which are modeled as one-way events. Students will learn how to configure and implement an App- Installed event handler which can be used to provision lists, document libraries and other types of assets in the host web during the installation of a provider-hosted add-in. Students will learn how to configure debugging support for remote event receivers in the SharePoint Online environment by registering an Azure service bus endpoint and integrating that service bus endpoint with a Visual Studio project. The module also demonstrates a CSOM programming technique which can be used to register a remote event receiver dynamically so it's possible to wire up remote event handlers to lists and document libraries in the host web. Understanding the Remote Event Receiver Architecture Creating a Remote Event Receiver for the App-Installed Event Configuring Debugging Support with an Azure Service Bus Endpoint Registering Remote Event Receivers in the Host Web using CSOM Creating a Remote Event Receiver for List Item events Hands-on Lab: Extending a Provider-hosted Add-in with Remote Event Receivers Exercise 1: Implementing an App-Installed Event Handler in a Provider-hosted Add-in Exercise 2: Configuring Debugging Support with an Azure Service Bus Endpoint Exercise 3: Registering a Remote Event Receiver in the Host Web using CSOM Exercise 4: Creating a Remote Event Receiver to Validate List Item Updates Module 11: Developing Custom Web Services using Web API 2 This module teaches students how to create, test and debug custom web services using Web API 2. Students will learn how to implement a RESTful web service using an API controller as well as how to call this RESTful service from JavaScript code running in the browser. Students will learn how to use attribute routing to create a web service with a custom routing schemes. After discussing API controllers, the module then moves on to cover ODATA controllers and how they can be used to implement the ODATA protocol and to add support for ODATA query options such as filtering, sorting and inline count. Student will learn how to leverage the Visual Studio scaffolding support to quickly create a strongly-typed ODATA controller from an entity model created using Entity Framework. The module concludes with an examination of Cross-Origin Resource
Sharing (CORS) and a demonstration of how to add CORS support to web services created with Web API 2 to allow cross-domain calls from client-side JavaScript code running in a browser. Understanding API Controllers and Call Routing Creating a RESTful Web Service using an API Controller Designing a Custom Routing Scheme using Attribute Routing Creating an OData Web Service using an OData Controller Adding Support for Cross-Origin Resource Sharing (CORS) Hands-on Lab: Developing Custom RESTful and ODATA Services using Web API 2 Exercise 1: Creating and Calling a RESTful Web API Exercise 2: Creating and Calling an OData Web API Exercise 3: Creating an OData Web API using a Strongly-typed API Controller Class Exercise 4: Adding Support for Cross-Origin Resource Sharing (CORS) Module 12: Publishing and Installing Add-ins in the Office 365 Environment This module discusses how to manage the lifecycle of Office add-ins and SharePoint addins in the Office 365 environment. Students will learn how to publish Office add-ins and SharePoint add-ins using the App Catalog site. Students will also learn the various ways in which add-ins can be installed by standard users and by tenant administrators. The module explains the differences between installing a SharePoint add-in at site scope versus tenancy scope. Students will also learn how to upgrade SharePoint-hosted add-ins using feature upgrade techniques to replace files in the add-in web containing HTML, CSS and JavaScript. The module concludes by discussing the steps involved with deploying a provider-hosted add-in and its associated Entity Framework database in the Office 365 environment which involves creating a new Azure Web App and a SQL Azure Database to host the remote web and a custom database in the Azure cloud. Creating the App Catalog Site in an Office 365 Tenancy Publishing Office Add-ins and SharePoint Add-ins Installing and Managing Office Add-ins Installing SharePoint Add-ins at Site Scope versus Tenancy Scope Updating SharePoint-hosted Add-ins using Feature Upgrade
Deploying a Provider-hosted Add-in using a Windows Azure Web App Hands-on Lab: Publishing and Installing Add-ins Exercise 1: Creating the App Catalog Site Collection Exercise 2: Packaging and Deploying a SharePoint-hosted Add-in Exercise 3: Installing a SharePoint-hosted Add-in at the Tenancy Scope Exercise 4: Upgrading a SharePoint-hosted Add-in Exercise 5: Deploying a Provider-Hosted Add-in using a Windows Azure Web App Module 13: Authenticating with Azure Active Directory and OAuth 2.0 This module begins with an overview of the Azure Active Directory (AAD) security model which involves user authentication, application authentication and an authorization scheme based on configurable permissions. The module explains the differences between application permissions and delegated permissions as well as how permissions are granted to an application using the Common Consent framework. The module discusses when to use single-tenant applications versus multitenant applications and demonstrates how to configure AAD applications to support common OAuth 2.0 authentication flows using authorization codes, client credentials and implicit flows. The module examines the low-level details of authentication with AAD and then shows how to abstract away these low-level details by authenticating users and acquiring access tokens with the Active Directory Authentication Library for.net (ADAL-NET) and the OWIN framework. Understanding How Authentication Works with Azure Active Directory Understanding Application Permissions versus Delegated Permissions Granting Permissions to Applications using the Common Consent Framework Understanding Single-tenant Applications versus Multitenant Applications Acquiring and Caching Access Tokens using the Active Directory Authentication Library Implementing Cookie-based Authentication and OpenID Connect using OWIN Middleware Hands-on Lab: Developing Provider-hosted Apps with Azure and O365
Exercise 1: Implementing the Authorization Code Grant Flow without ADAL-NET Exercise 2: Implementing the Authorization Code Grant Flow with ADAL-NET Exercise 3: Configuring an AAD Application with a Client Credentials Certificate Exercise 4: Implementing the Client Credentials Grant Flow with ADAL-NET Module 14: Introduction to the Office 365 APIs This module provides an introduction to software development using the Office 365 APIs. Students will learn how Microsoft s use of open standards makes the Office 365 APIs accessible to a wide range of development platforms, developer tools and programming languages. The module also explains the set of service endpoints currently available in the Office 365 APIs and how they can be used by developers to access content and features in the Office 365 environment. The module also focuses on the Office 365 Unified API and explains how it abstracts away the divisions between Azure Active Directory, Exchange and SharePoint Online. Students will learn how to execute REST calls against the Office 365 Unified API to get information about the current user and to program against messages and calendar events in the current user s Exchange mailbox. The module concludes by demonstrating how the Office 365 Unified API Client Library can increase developer productivity by automatically executing REST calls and handling ODATA results behind the scenes. Understanding the Office 365 APIs Support for Open Standards Accessing the Office 365 APIs from Windows and non-windows Platforms Examining the Services and Functionality of the Office 365 APIs Understanding the Role of the Office 365 Unified API Programing against the Office 365 Unified API using REST Calls Programing against the Office 365 Unified API using the.net Client Library Hands-on Lab: Developing a Native Desktop Application which uses the Office 365 Unified API Exercise 1: Creating a Native Desktop Application which uses the Office 365 Unified API Exercise 2: Acquiring Access Tokens using the Active Directory Authentication Library Exercise 3: Calling to the Office 365 Unified API using REST Calls Exercise 3: Programming with the Office 365 Unified API Client Library Module 15: Developing MVC Applications with the Office 365 Unified API This modules provides a step-by-step look at designing and implementing a MVC web application which leverages the Office 365 Unified API to access data and content from
Azure Active Directory, Exchange and SharePoint Online. Students will learn how to use the Connected Services Wizard in Visual Studio to register an MVC web application with AAD and to configure the associated Visual Studio project with AAD application properties and NuGet packages. The module provides an in-depth walkthrough of the steps involved with implementing authentication and authorization in an MVC web application by inserting OWIN middleware components into the request processing pipeline to implement cookie-based authentication and to add support for managing OpenID Connect security tokens. This module concludes with a discussion of best practices in managing access tokens using the token caching support of the Active Directory Authentication Library for.net (ADAL-NET) combined together with the Entity Framework. Registering an MVC Web Application using the Connected Services Wizard Understanding How To Use the OWIN Framework Using OWIN to Implement Cookie-based Authentication and OpenID Connect Controlling Authentication Flow with an Account Controller Class Best Practices in Caching and Refreshing Access Tokens Hands-on Lab: Developing an MVC Application using the Office 365 Unified API Exercise 1: Registering an MVC Application using the Connected Service Wizard Exercise 2: Configuring the OWIN Request Processing Pipeline Exercise 3: Creating an Account Controller Class to Encapsulate Authentication Exercise 4: Caching Access Tokens using ADAL-NET and Entity Framework Module 16: Developing SPAs with AngularJS and the Office 365 Unified API This module discusses how to develop single page applications (SPAs) that authenticate users with Azure Active Directory (AAD) and access the Office 365 environment using the Office 365 Unified API. Students will learn how to write client-side JavaScript code which leverages the Active Directory Authentication Library for JavaScript (ADAL-JS) together with the AngularJS framework to authenticate users and to acquire and cache access tokens with minimal effort. The module explains how to configure an Azure AD application to support the implicit flow grant which is a requirement when using ADAL- JS. Along the way, students will learn how to extend an AngularJS application using a custom service which accesses the Office 365 Unified API as well as how to integrate this custom service into an AngularJS application design along with controllers and views. Understanding the Implicit Grant Flow Developing with the Active Directory Authentication Library for JavaScript (ADAL- JS) Understanding How to Initialize ADAL-JS with Service Endpoint Acquiring and Caching Access Tokens with ADAL-JS Understanding Authentication and Authorization with Custom Web Services
Hands-on Lab: Developing an SPA which uses the Office 365 Unified API Exercise 1: Configuring an AAD Application to Support Implicit Grant Flow Exercise 2: Developing a Single Page Application (SPA) using AngularJS Exercise 3: Integrating the Active Directory Authentication Library for JavaScript (ADAL-JS) Exercise 4: Creating a Custom Angular Service to Access the Office 365 Unified API Exercise 5: Creating and Calling a Secured Web Service