First draft

Kalyan Krishna · Kalyan Krishna · commit b9ac09921539 · 2018-04-24T14:53:00.000-07:00
diff --git a/README.md b/README.md
@@ -66,7 +66,7 @@ There are two projects in this sample. Each needs to be separately registered in
 
 #### Navigate to the Application registration portal
 
-Sign in in [apps.dev.microsoft.com/](apps.dev.microsoft.com/). From there, you can add converged applications
+Sign in to [application registration portal](apps.dev.microsoft.com/). From there, you can add converged applications.
 
 #### Register the TodoListClient-v2 app
 
@@ -87,7 +87,7 @@ Sign in in [apps.dev.microsoft.com/](apps.dev.microsoft.com/). From there, you c
 1. In the *Platforms* section, click on the **Add Platform** button and then on **Web API**
 1. Copy the scope proposed by default to access your web api as a user. It's in the form ``api://<Application ID>/access_as_user``
 1. In the *Web API platform*, in the *Pre-authorized applications* section click on **Add application**
-1. In the *application ID* field, paste the application ID of the client application as pasted from the registration
+1. In the *application ID* field, paste the application ID of the `TodoListClient-v2` application as pasted from the registration
 1. In the *Scope* field, click on the **Select** combo box and select the scope for this Web API `api://<Application ID>/access_as_user`
 1. Press the **Save** button at the bottom of the page.
 
@@ -113,16 +113,16 @@ a GUID or domain name | users can only sign in with an account for a specific or
 #### Configure the TodoListService C# project
 
 1. Open the solution in Visual Studio.
-1. In the TodoListService project, open the `appsettings.json` file.
-1. Find the `ClientId` property and replace the value with the Application ID (Client ID) property of the Service application, that you registered earlier.
+1. In the *TodoListService* project, open the `appsettings.json` file.
+1. Find the `ClientId` property and replace the value with the Application ID (Client ID) property of the *TodoListService-v2* application, that you registered earlier.
 1. [Optional] if you want to limit sign-in to users in your organization, also update
 - The `Domain` property, replacing the existing value with your AAD tenant domain, for example, contoso.onmicrosoft.com.
 - The `TenantId` property replacing the existing value with the Tenant ID.
 
 #### Configure the TodoListClient C# project
 
 1. In the TodoListClient project, open `App.config`.
-1. Find the app key `ida:ClientId` and replace the value with the ApplicationID (Client ID) for the TodoListClient-v2 app copied from the app registration page.
+1. Find the app key `ida:ClientId` and replace the value with the ApplicationID (Client ID) for the *TodoListClient-v2* app copied from the app registration page.
 1. Find the app key `todo:TodoListScope` and replace the value with the scope of the TodoListService-v2 application copied from the app registration (of the form ``api://<Application ID of service>/access_as_user``)
 1. [Optional] If you want your application to work only in your organization (only in your tenant) you'll also need to Find the app key `ida:Tenant` and replace the value with your AAD Tenant ID (GUID). Alternatively you can also use your AAD tenant Name (for example, contoso.onmicrosoft.com)
 1. [Optional] If you changed the default URL for your service application, find the app key `todo:TodoListBaseAddress` and replace the value with the base address of the TodoListService project.
diff --git a/TodoListClient/App.config b/TodoListClient/App.config
@@ -15,7 +15,7 @@
         - 'consumers' to sign-in only Microsoft personal accounts
     -->
     <add key="ida:Tenant" value="common" />
-    <add key="ida:ClientId" value="[Enter the Application ID (Client ID) of your application from the portal, e.g. b3682cc7-8b30-4bd2-aaba-080c6bf0fd31]" />
+    <add key="ida:ClientId" value="[Enter_client_ID_Of_TodoListClient-v2_from_Azure_Portal,_e.g._784d7a5a-4a49-4d1d-b328-5812070f366f]" />
 
     <!--
       todo:TodoListScope is the scope of the Web API you want to call. This can be:
@@ -24,7 +24,7 @@
       - a scope corresponding to a V1 application (for instance <GUID>/user_impersonation, where  <GUID> is the
         clientId of a V1 application, created in the https://portal.azure.com portal.
     -->
-    <add key="todo:TodoListScope" value="[Enter the scope of the application, e.g. api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/access_as_user]" />
+    <add key="todo:TodoListScope" value="api://[Enter_client_ID_Of_TodoListService-v2_from_Azure_Portal,_e.g._2ec40e65-ba09-4853-bcde-bcb60029e596]/access_as_user" />
     <add key="todo:TodoListBaseAddress" value="https://localhost:44351/" />
   </appSettings>
 </configuration>
diff --git a/TodoListService/Extensions/AzureAdAuthenticationBuilderExtensions.cs b/TodoListService/Extensions/AzureAdAuthenticationBuilderExtensions.cs
@@ -50,7 +50,7 @@ public void Configure(string name, JwtBearerOptions options)
             /// <param name="securityToken">Received Security Token</param>
             /// <param name="validationParameters">Token Validation parameters</param>
             /// <remarks>The issuer is considered as valid if it has the same http scheme and authority as the
-            /// authority from the configuration file, has a tenant Id, and optionnally v2.0 (this web api
+            /// authority from the configuration file, has a tenant Id, and optionally v2.0 (this web api
             /// accepts both V1 and V2 tokens)</remarks>
             /// <returns>The <c>issuer</c> if it's valid, or otherwise <c>null</c></returns>
             private string ValidateIssuer(string issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
diff --git a/TodoListService/appsettings.json b/TodoListService/appsettings.json
@@ -1,16 +1,16 @@
 ﻿{
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
-    "ClientId": "11111111-1111-1111-11111111111111111",
+    "ClientId": "[Enter_client_ID_Of_TodoListService-v2_from_Azure_Portal,_e.g._2ec40e65-ba09-4853-bcde-bcb60029e596]",
 
     /*
       The Domain and TenantId are only needed if you want to accept access tokens
       from a sigle tenant (line of business app)
       Otherwise you can leave them blank
     */
     "Domain": "qualified.domain.name", // for instance contoso.onmicrosoft.com
-    "TenantId": "common" // 'common' or 'organizations' or 'consumers' 
-                         // or tenant ID like '22222222-2222-2222-2222-222222222222'
+    "TenantId": "common" // 'common' or 'organizations' or 'consumers'
+    // or enter Directory ID Of tenant, e.g.contoso.onmicrosoft.com from Azure Portal, e.g. 14c2f153-90a7-4689-9db7-9543bf084dad
   },
   "Logging": {
     "IncludeScopes": false,
