Merge pull request #177405 from MicrosoftDocs/master

10/25 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -4588,6 +4588,11 @@
       "redirect_url": "/azure/app-service-web/",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/app-service/app-service-migration-assistant.md",
+      "redirect_url": "/azure/app-service/app-service-asp-net-migration",
+      "redirect_document_id": false
+    },    
     {
       "source_path_from_root": "/articles/architecture-overview.md",
       "redirect_url": "/azure/architecture",

articles/active-directory-b2c/add-api-connector-token-enrichment.md

@@ -412,5 +412,3 @@ To learn how to secure your APIs, see the following articles:
 - [Reference: RESTful technical profile](restful-technical-profile.md)
 
 ::: zone-end
-
-

articles/active-directory-b2c/app-registrations-training-guide.md

@@ -75,7 +75,7 @@ The **openid** scope is necessary so that Azure AD B2C can sign users in to an a
 Learn more about [permissions and consent](../active-directory/develop/v2-permissions-and-consent.md).
 
 ## Platforms/Authentication: Reply URLs/redirect URIs
-In the legacy experience, the various platform types were managed under **Properties** as reply urls for web apps/APIs and Redirect URI for Native clients. "Native clients" are also known as "Public clients" and include apps for iOS, macOS, Android, and other mobile and desktop application types.
+In the legacy experience, the various platform types were managed under **Properties** as reply URLs for web apps/APIs and Redirect URI for Native clients. "Native clients" are also known as "Public clients" and include apps for iOS, macOS, Android, and other mobile and desktop application types.
 
 In the new experience, reply URLs and redirect URIs are both referred to as Redirect URIs and can be found in an app's **Authentication** section. App registrations aren't limited to being either a web app or a native application. You can use the same app registration for all of these platform types by registering the respective redirect URIs.
 
@@ -114,4 +114,4 @@ To get started with the new app registration experience:
 * Learn [how to register a native client application](add-native-application.md).
 * Learn [how register a Microsoft Graph application to manage Azure AD B2C resources](microsoft-graph-get-started.md).
 * Learn [how to use Azure AD B2C as a SAML Service Provider.](identity-provider-adfs.md)
-* Learn about [application types](application-types.md).
+* Learn about [application types](application-types.md).

articles/active-directory-b2c/enable-authentication-spa-app.md

@@ -101,12 +101,12 @@ The resources referenced by the *index.html* file are detailed in the following
 |---|---|
 |MSAL.js library| MSAL.js authentication JavaScript library [CDN path](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/cdn-usage.md).|
 |[Bootstrap stylesheet](https://getbootstrap.com/) | A free front-end framework for faster and easier web development. The framework includes HTML-based and CSS-based design templates. |
-|[policies.js](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/policies.js) | Contains the Azure AD B2C custom policies and user flows. |
-|[authConfig.js](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/authConfig.js) | Contains authentication configuration parameters.|
-|[authRedirect.js](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/authRedirect.js) | Contains the authentication logic. |
-|[apiConfig.js](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/apiConfig.js) | Contains web API scopes and the API endpoint location. |
-|[api.js](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/api.js) | Defines the method to use to call your API and handle its response.|
-|[ui.js](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/ui.js) | Controls the UI elements. |
+|[`policies.js`](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/policies.js) | Contains the Azure AD B2C custom policies and user flows. |
+|[`authConfig.js`](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/authConfig.js) | Contains authentication configuration parameters.|
+|[`authRedirect.js`](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/authRedirect.js) | Contains the authentication logic. |
+|[`apiConfig.js`](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/apiConfig.js) | Contains web API scopes and the API endpoint location. |
+|[`api.js`](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/api.js) | Defines the method to use to call your API and handle its response.|
+|[`ui.js`](https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa/blob/main/App/ui.js) | Controls the UI elements. |
 | | |
 
 To render the SPA index file, in the *myApp* folder, create a file named *index.html*, which contains the following HTML snippet.

articles/active-directory-b2c/id-token-hint.md

@@ -20,7 +20,7 @@ Azure AD B2C allows relying party applications to send an inbound JWT as part of
 
 ## Use cases
 
-You can use this solution to send data to Azure AD B2C encapsulated in a single JWT token. The [SignUp with email invitation solution](https://github.com/azure-ad-b2c/samples/blob/master/policies/invite/README.md), where your system admin can send a signed invite to users, is based on id_token_hint. Only users with access to the invite email can create the account in the directory.
+You can use this solution to send data to Azure AD B2C encapsulated in a single JWT token. The [`Signup with email invitation` solution](https://github.com/azure-ad-b2c/samples/blob/master/policies/invite/README.md), where your system admin can send a signed invite to users, is based on id_token_hint. Only users with access to the invite email can create the account in the directory.
 
 ## Token signing approach
 
@@ -37,7 +37,7 @@ The id_token_hint must be a valid JWT token. The following table lists the claim
 | Expiration time | `exp` | `1600087315` | The time at which the token becomes invalid, represented in epoch time. Azure AD B2C validates this value, and rejects the token if the token is expired.|
 | Not before | `nbf` | `1599482515` | The time at which the token becomes valid, represented in epoch time. This time is usually the same as the time the token was issued. Azure AD B2C validates this value, and rejects the token if the token lifetime is not valid. |
 
- The following token is an example of a valid ID token:
+The following token is an example of a valid ID token:
 
 ```json
 {
@@ -101,7 +101,6 @@ When using a symmetric key, the **CryptographicKeys** element contains the follo
 | --------- | -------- | ----------- |
 | client_secret | Yes | The cryptographic key that is used to validate the JWT token signature.|
 
-
 ## How-to guide
 
 ### Issue a token with symmetric keys
@@ -184,15 +183,15 @@ The token issuer must provide following endpoints:
 * `/.well-known/openid-configuration` - A well-known configuration endpoint with relevant information about the token, such as the token issuer name and the link to the JWK endpoint. 
 * `/.well-known/keys` - the JSON Web Key (JWK) end point with the public key that is used to sign the key (with the private key part of the certificate).
 
-See the [TokenMetadataController.cs](https://github.com/azure-ad-b2c/id-token-builder/blob/master/source-code/B2CIdTokenBuilder/Controllers/TokenMetadataController.cs) .NET MVC controller sample.
+See the [`TokenMetadataController.cs`](https://github.com/azure-ad-b2c/id-token-builder/blob/master/source-code/B2CIdTokenBuilder/Controllers/TokenMetadataController.cs) .NET MVC controller sample.
 
 #### Step 1. Prepare a self-signed certificate
 
 If you don't already have a certificate, you can use a self-signed certificate for this how-to guide. On Windows, you can use PowerShell's [New-SelfSignedCertificate](/powershell/module/pki/new-selfsignedcertificate) cmdlet to generate a certificate.
 
 Run this PowerShell command to generate a self-signed certificate. Modify the `-Subject` argument as appropriate for your application and Azure AD B2C tenant name. You can also adjust the `-NotAfter` date to specify a different expiration for the certificate.
 
-```PowerShell
+```powershell
 New-SelfSignedCertificate `
     -KeyExportPolicy Exportable `
     -Subject "CN=yourappname.yourtenant.onmicrosoft.com" `
@@ -206,7 +205,7 @@ New-SelfSignedCertificate `
 
 #### Step 2. Add the ID token hint technical profile 
 
-The following technical profile validates the token and extracts the claims. Change the metadata URI to your token issuer well-known configuration endpoint.  
+The following technical profile validates the token and extracts the claims. Change the metadata URI to your token issuer well-known configuration endpoint.
 
 ```xml
 <ClaimsProvider>

articles/active-directory-b2c/identity-provider-adfs.md

@@ -58,7 +58,7 @@ In this step, configure the claims AD FS application returns to Azure AD B2C.
 
     | LDAP attribute | Outgoing claim type |
     | -------------- | ------------------- |
-    | User-Principal-Name | UPN |
+    | User-Principal-Name | upn |
     | Surname | family_name |
     | Given-Name | given_name |
     | Display-Name | name |
@@ -90,10 +90,10 @@ In this step, configure the claims AD FS application returns to Azure AD B2C.
 1. (Optional) For the **Domain hint**, enter `contoso.com`. For more information, see [Set up direct sign-in using Azure Active Directory B2C](direct-signin.md#redirect-sign-in-to-a-social-provider).
 1. Under **Identity provider claims mapping**, select the following claims:
 
-    - **User ID**: *upn*
-    - **Display name**: *unique_name*
-    - **Given name**: *given_name*
-    - **Surname**: *family_name*
+    - **User ID**: `upn`
+    - **Display name**: `unique_name`
+    - **Given name**: `given_name`
+    - **Surname**: `family_name`
 
 1. Select **Save**.
 
@@ -206,4 +206,4 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 
 ## Next steps
 
-Learn how to [pass AD-FS token to your application](idp-pass-through-user-flow.md).
+Learn how to [pass AD-FS token to your application](idp-pass-through-user-flow.md).

articles/active-directory-b2c/identity-provider-google.md

@@ -37,7 +37,7 @@ zone_pivot_groups: b2c-policy-type
 
 ## Create a Google application
 
-To enable sign-in for users with a Google account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in [Google Developers Console](https://console.developers.google.com/). For more information, see [Setting up OAuth 2.0](https://support.google.com/googleapi/answer/6158849). If you don't already have a Google account you can sign up at [https://accounts.google.com/SignUp](https://accounts.google.com/SignUp).
+To enable sign-in for users with a Google account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in [Google Developers Console](https://console.developers.google.com/). For more information, see [Setting up OAuth 2.0](https://support.google.com/googleapi/answer/6158849). If you don't already have a Google account you can sign up at [`https://accounts.google.com/signup`](https://accounts.google.com/signup).
 
 1. Sign in to the [Google Developers Console](https://console.developers.google.com/) with your Google account credentials.
 1. In the upper-left corner of the page, select the project list, and then select **New Project**.
@@ -193,4 +193,4 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 
 ## Next steps
 
-Learn how to [pass Google token to your application](idp-pass-through-user-flow.md).
+Learn how to [pass a Google token to your application](idp-pass-through-user-flow.md).

articles/active-directory-b2c/identity-provider-twitter.md

@@ -31,7 +31,7 @@ zone_pivot_groups: b2c-policy-type
 
 ## Create an application
 
-To enable sign-in for users with a Twitter account in Azure AD B2C, you need to create a Twitter application. If you don't already have a Twitter account, you can sign up at [https://twitter.com/signup](https://twitter.com/signup). You also need to [Apply for a developer account](https://developer.twitter.com/en/apply/user.html). For more information, see [Apply for access](https://developer.twitter.com/en/apply-for-access).
+To enable sign-in for users with a Twitter account in Azure AD B2C, you need to create a Twitter application. If you don't already have a Twitter account, you can sign up at [`https://twitter.com/signup`](https://twitter.com/signup). You also need to [Apply for a developer account](https://developer.twitter.com/en/apply/user.html). For more information, see [Apply for access](https://developer.twitter.com/en/apply-for-access).
 
 1. Sign in to the [Twitter Developer Portal](https://developer.twitter.com/portal/projects-and-apps) with your Twitter account credentials.
 1. Under **Standalone Apps**, select **+Create App**.

articles/active-directory-b2c/manage-user-access.md

@@ -137,7 +137,7 @@ The following steps describe how you can manage terms of use:
 
 1. Record the acceptance of the terms of use and the date of acceptance by using the Graph API and extended attributes. You can do so by using both built-in and custom user flows. We recommend that you create and use the **extension_termsOfUseConsentDateTime** and **extension_termsOfUseConsentVersion** attributes.
 
-2. Create a required check box labeled "Accept Terms of Use," and record the result during signup. You can do so by using both built-in and custom user flows.
+2. Create a required check box labeled "Accept Terms of Use," and record the result during sign-up. You can do so by using both built-in and custom user flows.
 
 3. Azure AD B2C stores the terms of use agreement and the user's acceptance. You can use the Graph API to query for the status of any user by reading the extension attribute that's used to record the response (for example, read **termsOfUseTestUpdateDateTime**). You can do so by using both built-in and custom user flows.
 
@@ -219,4 +219,4 @@ The following is an example of a version-based terms of use consent in a claim.
 
 - [Enable Age Gating in Azure AD B2C](age-gating.md).
 - To learn how to delete and export user data, see [Manage user data](manage-user-data.md).
-- For an example custom policy that implements a terms of use prompt, see [A B2C IEF Custom Policy - Sign Up and Sign In with 'Terms of Use' prompt](https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-sign-up-versioned-tou).
+- For an example custom policy that implements a terms of use prompt, see [A B2C IEF Custom Policy - Sign Up and Sign In with 'Terms of Use' prompt](https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-sign-up-versioned-tou).

articles/active-directory-b2c/openid-connect-technical-profile.md

@@ -125,7 +125,7 @@ The **CryptographicKeys** element contains the following attribute:
 | client_secret | Yes | The client secret of the identity provider application. This cryptographic key is required only if the **response_types** metadata is set to `code` and **token_endpoint_auth_method** is set to `client_secret_post` or `client_secret_basic`. In this case, Azure AD B2C makes another call to exchange the authorization code for an access token. If the metadata is set to `id_token` you can omit the cryptographic key.  |
 | assertion_signing_key | Yes | The RSA private key which will be used to sign the client assertion. This cryptographic key is required only if the **token_endpoint_auth_method** metadata is set to `private_key_jwt`. |
 
-## Redirect Uri
+## Redirect URI
 
 When you configure the redirect URI of your identity provider, enter `https://{your-tenant-name}.b2clogin.com/{your-tenant-name}.onmicrosoft.com/oauth2/authresp`. Make sure to replace `{your-tenant-name}` with your tenant's name. The redirect URI needs to be in all lowercase.