Secure Web API in an SharePoint provider hosted app