Pass Your Microsoft 70-485 Exam Easy!

Microsoft 70-485 (Advanced Windows Store App Development Using C#) exam dumps vce, practice test questions, study guide & video training course to study and pass quickly and easily. Microsoft 70-485 Advanced Windows Store App Development Using C# exam dumps & practice test questions and answers. You need avanset vce exam simulator in order to study the Microsoft 70-485 certification exam dumps & Microsoft 70-485 practice test questions in vce format.

Your Guide to Passing the 70-485 Exam: Core Concepts

The Microsoft 70-485 exam, Advanced SharePoint Server 2013 Core Solutions, was a key certification for developers aiming to prove their expertise in creating robust applications for the SharePoint platform. Passing this exam demonstrated a developer's ability to design and implement solutions that extended SharePoint's capabilities far beyond its out-of-the-box features. It was a crucial component of the MCSD: SharePoint Applications certification, signifying a high level of proficiency. The exam focused heavily on the then-new App Model, a fundamental shift away from the traditional full-trust Farm Solutions of earlier SharePoint versions.

This certification was designed for developers with a solid foundation in SharePoint development, including experience with the server and client-side object models, as well as web technologies like JavaScript, CSS, and OAuth. The 70-485 exam specifically tested a candidate's skills in designing app architecture, developing the user interface, handling security, and managing the overall application lifecycle. While the exam itself is now retired, the core principles and technologies it covered, such as CSOM, REST APIs, and client-side development, remain highly relevant for modern SharePoint and Office 365 development.

Understanding the content of the 70-485 exam provides a comprehensive look into a pivotal moment in SharePoint's evolution. It marked the transition towards a more secure, flexible, and cloud-friendly development paradigm. The skills validated by this exam are the bedrock upon which modern frameworks, like the SharePoint Framework (SPFx), were built. Therefore, exploring its topics is not merely a historical exercise; it is an exploration of foundational concepts that continue to influence how we build solutions for SharePoint Online and on-premises environments today, making this knowledge valuable for any serious SharePoint developer.

Understanding the SharePoint App Model

The SharePoint App Model was a centerpiece of the 70-485 exam and represented a paradigm shift in customizing the platform. Unlike traditional Farm Solutions, which ran with full trust on the SharePoint server, apps were designed to be isolated. This isolation enhanced the stability and security of the entire SharePoint farm, as a poorly written app could not bring down the server. Apps communicate with SharePoint primarily through client-side technologies and APIs, such as the Client-Side Object Model (CSOM) and REST services, minimizing direct server-side code execution within the SharePoint process.

There were three primary hosting models for SharePoint Apps, each with its own use case. SharePoint-Hosted Apps were the simplest, consisting of HTML, JavaScript, and CSS files that were deployed to and executed from a special, isolated subsite within SharePoint called an App Web. Provider-Hosted Apps were more powerful, with their server-side logic running on an external server, such as Microsoft Azure or an on-premises IIS server. This model allowed developers to use any server-side technology, like ASP.NET, PHP, or Node.js. The third model, Auto-hosted Apps, was a cloud-based option that has since been deprecated.

The security model for apps was also a significant departure from the past. Instead of running under a service account, apps used an identity of their own, known as an app principal. They operated under a set of permissions explicitly granted by the user or administrator during installation. This was managed through OAuth 2.0, providing a secure and standardized way for the app to authenticate with SharePoint and access data on behalf of either the user or the app itself. This granular permission model ensured that an app could only access the resources it was explicitly authorized to use, a key security concept for the 70-485 exam.

Setting Up Your Development Environment

To effectively prepare for the 70-485 exam, a hands-on development environment was essential. The primary tool for any SharePoint developer was Visual Studio, typically the Professional or Enterprise editions. Microsoft provided the Office Developer Tools for Visual Studio as a crucial extension, which included project templates, designers, and debugging tools specifically for creating SharePoint Apps. These tools streamlined the development process, allowing developers to create projects, design the app manifest, and deploy the app to a SharePoint site for testing with just a few clicks.

For the SharePoint instance itself, developers had two main options. The first was to set up an on-premises SharePoint Server 2013 farm. This approach provided maximum control and was necessary for developing and testing high-trust, provider-hosted apps that integrated with on-premises resources. Setting up a farm involved configuring Windows Server, SQL Server, Active Directory, and finally SharePoint Server itself. This was a complex but comprehensive setup that allowed for deep debugging and performance tuning. It required significant hardware resources but gave the developer full control over the environment.

The second, and often more convenient, option was to use an Office 365 Developer tenant. This provided a cloud-based SharePoint Online environment that was pre-configured and ready for development. This was the ideal choice for creating SharePoint-Hosted Apps and low-trust Provider-Hosted Apps. An Office 365 Developer tenant eliminated the overhead of managing a local server farm and ensured the developer was working with the latest SharePoint features. For many scenarios tested on the 70-485 exam, this cloud-based environment was perfectly sufficient and allowed for a much faster setup time, letting developers focus on writing code rather than managing infrastructure.

Core SharePoint Server-Side Object Model (SSOM)

While the 70-485 exam heavily emphasized the new App Model, a foundational understanding of the traditional Server-Side Object Model (SSOM) was still important. The SSOM is a rich set of .NET assemblies that run directly on the SharePoint server and provide a complete, powerful API for interacting with every aspect of the SharePoint farm. It was the primary development model for SharePoint 2007 and 2010. In the context of SharePoint 2013 and beyond, its use is restricted to Farm Solutions and specific server-side components like timer jobs or custom administrative pages.

The core of the SSOM revolves around a hierarchy of objects that represent the SharePoint farm structure. The entry point is typically an SPSite object, which represents a site collection. From an SPSite object, you can access one or more SPWeb objects, which represent individual sites. Within each SPWeb, you can work with collections of lists (SPListCollection) and individual lists (SPList). Finally, you can access the actual data items within a list through the SPListItem class. This hierarchical structure provided a logical way to navigate and manipulate SharePoint content programmatically.

For the 70-485 exam, knowing when not to use the SSOM was as important as knowing how to use it. The App Model explicitly forbids the use of SSOM because its code runs remotely, not on the SharePoint server itself. Therefore, any solution designed as a SharePoint App must use one of the client-side APIs (CSOM, JSOM, or REST). The SSOM's relevance for the exam was primarily for context and for understanding the underlying platform architecture. It also remained pertinent for hybrid solutions or for maintaining legacy code that had not yet been migrated to the App Model.

Mastering the Client-Side Object Model (CSOM)

The Client-Side Object Model, or CSOM, was a cornerstone of the skills tested in the 70-485 exam. It is a set of client-based libraries that mirror the structure and functionality of the Server-Side Object Model (SSOM). However, unlike the SSOM, CSOM is designed to be used in remote applications, such as console applications, WPF applications, or the server-side component of a provider-hosted app. It allows developers to perform SharePoint operations from a client machine or an external server without running code directly on the SharePoint farm.

CSOM is available in several flavors, but the .NET managed version was a key focus. To use it, a developer references the appropriate Microsoft.SharePoint.Client assemblies in their .NET project. The programming pattern involves creating a ClientContext object, which represents the connection to a specific SharePoint site. Using this context, you can retrieve SharePoint objects like Web, List, and ListItem. Importantly, these objects are initially just property holders; they do not contain data. You must explicitly load the data you need by calling the Load method on the context.

The key to working with CSOM is understanding its batching mechanism. All operations, such as loading data or updating items, are queued up on the client side. They are not sent to the server until you call the ExecuteQuery or ExecuteQueryAsync method on the ClientContext. This single method call bundles all the pending operations into one request, sends it to the server, and the server processes them and sends a single response back. This model is highly efficient as it significantly reduces the number of network round trips, which is critical for performance in remote applications.

A typical CSOM operation involves several steps. First, establish the ClientContext. Second, get a reference to the SharePoint objects you want to work with. Third, specify which properties of those objects you want to retrieve using the Load method. This is a crucial optimization; you should only ever request the data you actually need. Fourth, call ExecuteQuery to fetch the data from the server. Finally, you can then access the populated properties on your client-side objects to perform your business logic. Mastering this pattern was essential for success on the 70-485 exam.

Leveraging the REST API with SharePoint

Alongside CSOM, the SharePoint REST API was another critical technology covered in the 70-485 exam. The REST (Representational State Transfer) service provides a flexible, OData-based interface for interacting with SharePoint data from any technology that can make standard HTTP requests. This made it an incredibly versatile tool, allowing developers to build applications using non-Microsoft platforms like PHP, Java, or Python, as well as from client-side JavaScript running in the browser. Its platform-agnostic nature is one of its greatest strengths.

Interacting with the SharePoint REST API involves constructing specific URLs, or endpoints, that point to the desired SharePoint resources. For example, to access all the lists in a site, you would use an endpoint like /_api/web/lists. To get a specific list by its title, you might use /_api/web/lists/getByTitle('Documents'). The API is discoverable, meaning you can navigate through the data structure by following the URLs. This makes it intuitive for developers familiar with RESTful principles to explore and interact with SharePoint content.

Different HTTP verbs correspond to different CRUD (Create, Read, Update, Delete) operations. A GET request is used to retrieve data. A POST request is used to create new entities, like list items or lists. To update an existing item, you use a MERGE or PUT request, typically with an X-HTTP-Method-Override header. A DELETE request is used to remove an item. Data is usually exchanged in either JSON (JavaScript Object Notation) or XML (Atom) format, with JSON being the most common choice for modern web development due to its lightweight nature and ease of use with JavaScript.

For the 70-485 exam, developers needed to be proficient in constructing these REST URLs and using tools like Fiddler or browser developer tools to test them. They also needed to know how to handle authentication, typically by passing an OAuth access token in the Authorization header of the request. Understanding how to use the REST API to query lists, work with documents, manage user profiles, and execute search queries was fundamental to demonstrating the broad skill set required for the certification.

JavaScript Client-Side Object Model (JSOM)

The JavaScript Client-Side Object Model (JSOM) is the JavaScript equivalent of the .NET CSOM and was a vital skill for the 70-485 exam, particularly for developing SharePoint-Hosted Apps. Since SharePoint-Hosted Apps consist entirely of client-side assets (HTML, CSS, JavaScript) that run within the browser, JSOM is the primary tool for interacting with SharePoint data from within the app itself. Its syntax and structure are very similar to the .NET CSOM, making it relatively easy for developers to transition between the two.

Working with JSOM follows an asynchronous programming model, which is essential for responsive user interfaces in a web browser. The pattern is similar to the .NET CSOM but adapted for JavaScript's nature. You start by getting a SP.ClientContext instance. Then, you retrieve references to SharePoint objects like the web, lists, or list items. Just as with the .NET version, you must explicitly load the properties you need using the load function. Finally, you call executeQueryAsync, providing two callback functions: one for success and one for failure.

The asynchronous nature is critical. The browser does not freeze while waiting for the server to respond. Instead, your code continues to run, and when the server sends back the data, your specified success callback function is executed. If an error occurs, the failure callback is triggered, allowing you to handle the error gracefully. This pattern of defining what to do upon success or failure is fundamental to modern web development and was a key competency tested on the 70-485 exam.

JSOM is loaded into a page by referencing the sp.js file. A common pattern is to use the SP.SOD.executeFunc method to ensure that this script file is loaded before your custom code attempts to use it. Developers preparing for the exam needed to be comfortable writing JavaScript code to perform common SharePoint tasks: querying lists for data, adding and updating list items, and creating new SharePoint artifacts like lists or sites. Proficiency in JSOM was non-negotiable for building rich, interactive SharePoint-Hosted Apps.

Authentication and Authorization in SharePoint Apps

Security is paramount in any application, and the authentication and authorization model for SharePoint Apps was a major topic in the 70-485 exam. The model is built on the foundation of OAuth 2.0, an open standard for authorization. This framework allows a user to grant an application limited access to their resources without having to share their credentials. In the SharePoint context, this means an app is given its own identity, called an app principal, and is granted specific permissions to perform actions.

When a developer creates an app, they must declare the permissions the app requires in its manifest file. These permissions are scoped, meaning you can request rights at different levels, such as Read access to a specific list, Write access to the entire site collection, or Full Control of the tenancy. During installation, SharePoint prompts the user or administrator to grant or deny these requested permissions. This explicit consent model is a core security feature, ensuring that apps operate under the principle of least privilege.

There are two main authorization policies for an app. The User+App policy means the app performs actions on behalf of the currently logged-in user. The effective permissions are the intersection of the user's permissions and the app's permissions. So, an app cannot do something that the user themselves is not allowed to do. The second policy is App-Only. In this case, the app acts with its own identity, and its permissions are based solely on what was granted to the app itself, regardless of the current user's rights. This is useful for scenarios where an app needs elevated privileges to perform a task.

The communication is secured by access tokens. When an app needs to call SharePoint, it first obtains a context token from SharePoint, which it then uses to request an access token from Azure Active Directory (in the case of a low-trust app). This access token is then included in the Authorization header of every API call to SharePoint. Understanding this token flow, the difference between user context and app context, and how to correctly configure permissions in the app manifest were all critical skills for the 70-485 exam.

Designing App Architecture

A fundamental skill tested in the 70-485 exam was the ability to design an appropriate architecture for a SharePoint App. The most critical decision in this process was choosing the correct hosting model. This choice directly impacts the app's capabilities, scalability, security, and maintenance requirements. The two primary options were SharePoint-Hosted and Provider-Hosted. Selecting the right one required a thorough understanding of the business requirements and technical constraints of the project. A developer needed to analyze the trade-offs of each model to make an informed decision.

SharePoint-Hosted Apps were the simpler of the two. They consisted solely of client-side assets like HTML, CSS, and JavaScript, which were deployed to an isolated subsite known as the App Web. All processing occurred within the user's browser. This model was ideal for simple, self-contained solutions that primarily interacted with SharePoint data and did not require external resources or complex server-side logic. Their main advantages were ease of deployment and the fact that they were fully managed by SharePoint, requiring no separate server infrastructure.

Provider-Hosted Apps offered significantly more power and flexibility. In this model, the application's logic resided on an external platform, such as an on-premises IIS server or a cloud service like Microsoft Azure Web Apps. This external component could be built using any server-side technology, including ASP.NET, Node.js, PHP, or Java. This architecture was necessary for apps that needed to run complex server-side code, access external databases, integrate with other line-of-business systems, or perform tasks that required elevated privileges. The trade-off was increased complexity in development, deployment, and security management.

The decision-making process for the 70-485 exam involved several key questions. Does the app need to run server-side code? Does it need to access data sources other than SharePoint? Will it require custom timer jobs or long-running processes? Does it need to integrate with on-premises systems? If the answer to any of these was yes, a Provider-Hosted App was the correct choice. If the app's functionality could be achieved entirely with client-side script interacting with SharePoint lists and libraries, then a SharePoint-Hosted App was the simpler and more efficient solution.

Working with Host Webs and App Webs

Understanding the distinction between the Host Web and the App Web was absolutely critical for the 70-485 exam. This concept is central to the isolation and security of the SharePoint App Model. The Host Web is the SharePoint site where a user installs the app. It is the parent site, containing the business data and content that the user wants the app to interact with. For example, if a user installs a "Project Dashboard" app on their team site, that team site is the Host Web. The app, once installed, often needs to read from or write to lists and libraries within this Host Web.

The App Web, on the other hand, is a special, isolated subsite that SharePoint automatically creates when an app is installed. All the assets of the app, such as its pages, scripts, CSS files, and images, are deployed to this App Web. For a SharePoint-Hosted App, this is where all its components reside. This isolation is a key security feature. It ensures that the app's resources are kept separate from the Host Web's content, preventing potential conflicts and simplifying uninstallation. When an app is removed, its corresponding App Web is also deleted, providing a clean removal process.

The main challenge for developers, and a common topic on the 70-485 exam, was how to access data in the Host Web from the code running within the context of the App Web. Because the app's JavaScript code or remote server-side code is initiated from the App Web, its default context is the App Web itself. To interact with the Host Web, the developer must explicitly get a context for it. This is typically done using a SP.AppContextSite object in JSOM or by using the HostWebUrl query string parameter that SharePoint provides when launching a Provider-Hosted App.

For example, in JSOM, you would create a ClientContext for the App Web, and then use that to create a second AppContextSite targeted at the Host Web URL. This second context object could then be used to query lists and libraries in the parent site where the app was installed. Mastering this cross-domain communication between the App Web and the Host Web was a non-negotiable skill. It was the primary mechanism by which an app could provide useful functionality by interacting with the user's actual data.

Building User Interfaces for SharePoint Apps

Creating a seamless and intuitive user interface (UI) was a key aspect of app development covered in the 70-485 exam. A well-designed app should feel like a natural extension of SharePoint, not a disconnected, third-party tool. To achieve this, Microsoft provided several components and techniques. One of the primary tools was the Chrome Control. This was a JavaScript-based control that developers could include in their app pages to render the standard SharePoint top navigation bar, including the site title, navigation links, and the user's sign-in information. This instantly gave the app a familiar look and feel.

Another important UI component was the App Part, also known as a Client Web Part. App Parts allowed developers to surface content and functionality from their app directly onto pages within the Host Web. An App Part is essentially an iframe that displays a page from the app. A user could add an App Part to a wiki page or a web part page in their team site, allowing them to view a summary of data or access app features without having to navigate away to the app's full-page experience. This provided a deeply integrated experience and was a common requirement for business solutions.

The design of the UI itself was also important. While developers had the freedom to use any web design framework they preferred, such as Bootstrap, it was crucial to ensure the app's styling was consistent with the SharePoint site it was installed on. This could be achieved by referencing SharePoint's core CSS files. SharePoint also passed a set of styling parameters to the app via the query string, such as background color and font choices, which allowed the app to dynamically adapt its appearance to match the theme of the Host Web, further enhancing the integrated user experience.

Finally, responsiveness was a key consideration. Users access SharePoint from a variety of devices, including desktops, tablets, and mobile phones. A well-built app UI needed to be responsive, adapting its layout to different screen sizes to provide an optimal experience for all users. Using responsive design frameworks and CSS media queries was the standard approach to achieve this. The ability to create a polished, integrated, and responsive UI using tools like the Chrome Control and App Parts was a significant part of the skills measured by the 70-485 exam.

Managing App Lifecycle Events

The lifecycle of a SharePoint App consists of several key events: installation, upgrading, and uninstallation. The 70-485 exam required developers to know how to handle these events to perform necessary setup or cleanup tasks. For example, when an app is installed, it might need to create a list in the Host Web to store its configuration data, or it might need to apply custom branding. When it is uninstalled, these artifacts should ideally be removed to keep the site clean. This is managed through app event receivers.

An app event receiver is a web service endpoint that SharePoint calls when a lifecycle event occurs. The primary events are AppInstalled, AppUpgraded, and AppUninstalling. These are remote event receivers, meaning the code does not run on the SharePoint server. Instead, SharePoint sends a notification to a remote web service that the developer has created and registered in the app's manifest. This is a feature exclusively for Provider-Hosted Apps, as it requires a server-side component to listen for and handle these events.

In the AppInstalled event handler, a developer would typically write code to provision necessary resources. This could include creating lists and libraries, setting permissions, or pre-populating data. The code in the receiver would use CSOM or REST to communicate back to SharePoint and perform these actions. This automated setup process ensures that the app is ready to be used immediately after installation without requiring manual configuration by the user or administrator. It is a critical part of creating a professional and user-friendly application.

Similarly, the AppUninstalling event handler is used for cleanup. When a user decides to remove the app, this event fires, giving the developer an opportunity to remove any lists, content types, or other artifacts that were created during installation. This prevents orphaned data and keeps the Host Web tidy. The AppUpgraded event is used to handle changes between versions of an app, such as modifying the schema of a list or deploying new assets. Understanding how to implement these remote event receivers to manage the app lifecycle was a core competency for advanced SharePoint development.

Custom Actions and UI Extensions

A powerful way to integrate an app seamlessly into the SharePoint user experience is by extending the existing UI. The 70-485 exam tested a developer's ability to use custom actions to achieve this. Custom actions allow an app to add new menu items to list item context menus (the ECB or Edit Control Block) or to add custom buttons to the SharePoint Ribbon. This allows users to trigger app functionality directly from the context of their documents and data, creating a much more intuitive and efficient workflow.

For example, an app designed to manage document approvals could add a "Submit for Approval" button to the Ribbon for a document library. When a user selects a document and clicks this button, it could launch a page within the app, passing the context of the selected document. This is far more user-friendly than requiring the user to navigate to the app manually, find the document, and then initiate the process. These UI extensions make the app feel like a built-in part of the SharePoint platform.

Custom actions are defined declaratively within the app's feature XML. In the XML, the developer specifies the location for the new UI element (e.g., "Ribbon.Documents.Manage"), the text for the button or menu item, an icon, and the URL to navigate to when the action is clicked. This URL can be parameterized with tokens, such as {ItemId} or {ListId}, which SharePoint replaces at runtime with the context of the user's selection. This allows the app to know which specific item or list the user was working with when they triggered the action.

These UI extensions are deployed to the Host Web when the app is installed, making them visible to users in their day-to-day SharePoint environment. A developer could also create custom actions that execute a block of JavaScript instead of navigating to a URL. This could be used to open a dialog box or perform a quick action without a full page redirect. Knowing how to properly define, package, and deploy these custom actions to create a deeply integrated user experience was a key skill for any developer aspiring to pass the 70-485 exam.

Utilizing SharePoint Search from an App

The SharePoint search service is an incredibly powerful feature, and the ability to programmatically leverage it from within an app was a significant topic on the 70-485 exam. Apps can execute search queries to find content across the entire SharePoint farm, respecting user permissions and security trimming. This enables the creation of sophisticated solutions, such as custom search portals, knowledge management systems, or dashboards that aggregate relevant information from multiple sites. An app could provide a tailored search experience that goes far beyond the standard SharePoint search UI.

Developers can interact with the search service using either the Client-Side Object Model (CSOM) or the REST API. Both methods allow an app to submit a search query and receive structured results. Using the search REST API is often preferred for its simplicity and platform independence. An app can make a GET request to the /_api/search/query endpoint, passing the search query and other parameters, like which properties to retrieve or how to sort the results, in the URL. The search service then returns the results as a JSON object that can be easily parsed and displayed in the app's UI.

The queries themselves are constructed using the Keyword Query Language (KQL). KQL is a rich language that allows for very specific queries. A developer can search for keywords, but they can also filter results based on managed properties, such as the author of a document, the last modified date, or a specific content type. For example, a query might be "Project Plan" Author:"John Doe" FileType:docx. This allows the app to build highly targeted search experiences that help users find exactly what they are looking for quickly and efficiently.

When an app performs a search, the results are always security-trimmed. This means the search service will only return results that the current user has permission to see. This is a crucial security feature that is handled automatically by SharePoint. The developer does not need to implement any custom security logic. For the 70-485 exam, a candidate needed to be proficient in constructing KQL queries, using both CSOM and REST to execute those queries, and processing the returned result sets to display them to the user in a meaningful way.

Interacting with Managed Metadata Services

Managed Metadata is a key feature in SharePoint for organizing and classifying content through a formal, centrally managed set of terms and keywords, known as a taxonomy. The 70-485 exam required developers to know how to programmatically interact with the Managed Metadata Service (MMS) from within an app. This skill is essential for building applications that involve content classification, custom navigation, or faceted search. For example, an app could be built to automatically tag documents with specific terms based on their content, or it could display a navigation tree based on a term set.

The primary way to work with managed metadata from an app is through the Client-Side Object Model (CSOM). The .NET CSOM and JSOM both include a specific Microsoft.SharePoint.Client.Taxonomy namespace that contains the classes needed to interact with the term store. A developer can connect to the TaxonomySession, get an instance of a TermStore, and then navigate through TermGroup, TermSet, and Term objects. This allows an app to read the entire hierarchy of a term set, which can then be used to build custom navigation or filtering controls.

In addition to reading from the term store, an app can also write to it, provided it has the necessary permissions. An app could be used to programmatically create new terms or even entire term sets, which is useful for automating the setup of information architecture. More commonly, an app will need to tag a SharePoint list item or document with one or more terms. This involves retrieving the Term object and then setting the value of the managed metadata field on the SPListItem. The field value is represented by a TaxonomyFieldValue object, which stores the term's label and unique ID.

For the 70-485 exam, a developer needed to be comfortable with the taxonomy CSOM. This included understanding the object hierarchy from TaxonomySession down to Term, knowing how to retrieve terms, and, most importantly, knowing how to correctly read and write managed metadata field values for list items. Because managed metadata is so fundamental to enterprise content management in SharePoint, the ability to leverage it programmatically was considered an advanced and essential skill for a certified SharePoint developer.

Business Connectivity Services (BCS) in Apps

Business Connectivity Services (BCS) is a SharePoint technology that provides a way to connect to and surface data from external systems, such as SQL databases, web services, or other line-of-business (LOB) applications. The 70-485 exam covered how SharePoint Apps could leverage BCS to present external data within the SharePoint environment. This is a powerful capability that allows developers to create integrated solutions that combine SharePoint's collaboration features with data from external systems, creating a single, unified user experience.

The core concept in BCS is the External Content Type (ECT). An ECT is a definition that describes the schema of the external data and how to connect to and interact with it. For an app, the ECT is defined within the app itself, not in the central SharePoint BCS service application. This is known as an app-scoped External Content Type. The app package would contain a BDC model file that defines the connection information, the data entities, and the specific operations that can be performed (e.g., Read, Create, Update, Delete).

Once an app with an ECT is deployed, it can create an External List. An External List looks and feels like a regular SharePoint list, but its data is not stored in SharePoint's content database. Instead, it is a live view of the data from the external system. Users can interact with this list—viewing, editing, and adding data—just as they would with a native SharePoint list. BCS handles the communication with the external system in the background, providing a seamless experience. This allows, for example, a sales team to manage customer data from a CRM system directly within their SharePoint team site.

For the 70-485 exam, developers needed to understand how to create a BDC model for an app, package it, and deploy it. They also needed to know how to programmatically interact with the External List using the standard SharePoint APIs like CSOM and REST, just as they would with a regular list. The key challenge was configuring the authentication between SharePoint, the app, and the external data source, which often involved using the Secure Store Service to securely store the credentials needed to access the LOB system.

Advanced Authentication Scenarios

A deep understanding of the OAuth-based authentication flow was essential for mastering the advanced topics of the 70-485 exam. For Provider-Hosted Apps, this process involves a complex but secure exchange of tokens. It all begins when a user accesses the app. SharePoint redirects the user to the app's remote web application, providing a special, short-lived Context Token in the request. This token is digitally signed by SharePoint and contains information about the user and the SharePoint site from which the call originated.

The first job of the provider-hosted app is to validate this context token to ensure the request is legitimate and not a forgery. After validation, the app extracts information from the token, including a Refresh Token and a CacheKey. The app then uses this context token to request a time-limited Access Token from the security token service, which is typically Azure Access Control Service (ACS). This access token is the key that grants the app permission to make calls back to SharePoint. The access token is then included in the Authorization header of every API call (CSOM or REST) that the app makes to SharePoint.

Access tokens are short-lived for security reasons, typically expiring after a few hours. When an access token expires, the app cannot simply get a new one. Instead, it must use the long-lived Refresh Token that it received initially to request a new access token from ACS. This flow ensures that the app can maintain access to SharePoint over extended periods without requiring the user to constantly re-authenticate. Properly caching and managing both the refresh token and the access token was a critical skill for building robust provider-hosted apps.

The 70-485 exam also covered the distinction between low-trust and high-trust apps. Low-trust is the model described above, brokered by Azure ACS, and is the standard for SharePoint Online. High-trust, or Server-to-Server (S2S) trust, is used for on-premises deployments where the app's server and the SharePoint server can establish a direct trust relationship using digital certificates. In a high-trust scenario, the app authenticates directly with SharePoint to get access tokens, bypassing the cloud-based ACS. Understanding both models and when to use them was a key differentiator for advanced developers.

Programming with SharePoint Workflows

SharePoint workflows are a powerful tool for automating business processes, and the 70-485 exam required developers to be proficient in creating and interacting with them programmatically. SharePoint 2013 introduced a new workflow architecture, built on Windows Workflow Foundation 4.5 and running on a separate server component called the Workflow Manager. This new platform enabled the creation of more scalable and resilient workflows and allowed them to be initiated from SharePoint Apps.

Developers could create workflows using two primary tools. For simpler, declarative workflows, SharePoint Designer was the tool of choice. However, for more complex logic, custom actions, or integration with external systems, developers used Visual Studio. Visual Studio provided project templates for creating custom workflow activities and for packaging entire workflows as part of a SharePoint App. These workflows could be either sequential or state-machine based, allowing for the modeling of complex, long-running business processes.

A key skill tested on the 70-485 exam was the ability to manage workflows from an app using CSOM or REST. An app could be used to start a workflow on a specific list item, for example, kicking off an approval process when a document is uploaded. An app could also query the status of running workflow instances, retrieve workflow history, or even send events to a running workflow to move it to the next stage. This allowed developers to build rich user interfaces that provided users with insight and control over their automated processes.

Furthermore, workflows themselves could interact with apps. A workflow could be designed to call an external web service. This web service could be part of a provider-hosted app. This powerful feature allowed a workflow to delegate complex processing to the app's server-side code. For instance, a workflow could pass data to an app's web service, which could then perform a calculation or interact with a non-SharePoint system, and then return a result to the workflow. This integration between apps and the new workflow engine was a core advanced development concept.

Conclusion

Beyond the app lifecycle events, the 70-485 exam delved into item-level remote event receivers. These are a modern evolution of the classic event receivers from Farm Solutions. They allow an app to respond to events happening to items in SharePoint lists and libraries, such as when an item is being added, updated, or deleted. Just like app event receivers, these are web service endpoints that SharePoint calls when the specified event occurs. This enables the creation of powerful solutions that can enforce data validation, start a process, or sync data with another system.

Remote event receivers come in two main types: synchronous and asynchronous. Synchronous events occur before the action is completed. The main ones are -ing events, like ItemAdding or ItemDeleting. These are incredibly useful for data validation. For example, an ItemAdding event receiver could check if a value in a form meets certain business rules. If the validation fails, the event receiver can return an error message to SharePoint and cancel the action, preventing the item from being saved. This allows for business logic that is far more complex than what can be achieved with simple column validation settings.

Asynchronous events, or -ed events, occur after the action has been completed. Examples include ItemAdded and ItemUpdated. These are used for tasks that do not need to block the user interface. For instance, after a new item has been successfully added to a list, an ItemAdded event could fire and trigger a call to an external system to log the new entry, or it could start a workflow on the new item. Because these events happen after the fact, they do not impact the user's perceived performance of the SharePoint site.

Implementing a remote event receiver involves creating a WCF or Web API service that can handle the SOAP message sent by SharePoint. The developer then needs to programmatically register this event receiver on a specific list or content type using the CSOM API. This is often done in the AppInstalled event handler. For the 70-485 exam, a candidate needed to understand the difference between synchronous and asynchronous events, know how to build the service to handle the event properties, and know how to programmatically attach and detach these receivers from SharePoint lists.

Go to testing centre with ease on our mind when you use Microsoft 70-485 vce exam dumps, practice test questions and answers. Microsoft 70-485 Advanced Windows Store App Development Using C# certification practice test questions and answers, study guide, exam dumps and video training course in vce format to help you study with ease. Prepare with confidence and study using Microsoft 70-485 exam dumps & practice test questions and answers vce from ExamCollection.