Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into migstv2

Author: dlepow

.openpublishing.redirection.azure-monitor.json

@@ -1,6 +1,11 @@
 {
     "redirections": [
-         {
+        {
+            "source_path_from_root": "/articles/azure-monitor/snapshot-debugger/snapshot-collector-release-notes.md",
+            "redirect_url": "/azure/azure-monitor/snapshot-debugger/snapshot-debugger#release-notes-for-microsoftapplicationinsightssnapshotcollector",
+            "redirect_document_id": false
+        },
+        {
             "source_path_from_root": "/articles/azure-monitor/best-practices.md",
             "redirect_url": "/azure/azure-monitor/getting-started",
             "redirect_document_id": false

articles/active-directory/develop/includes/web-app/quickstart-aspnet.md

@@ -26,7 +26,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
 ## Prerequisites
 
 * An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
-* [Visual Studio 2019](https://visualstudio.microsoft.com/vs/)
+* [Visual Studio 2022](https://visualstudio.microsoft.com/vs/)
 * [.NET Framework 4.7.2+](https://dotnet.microsoft.com/download/visual-studio-sdks)
 
 ## Register and download the app
@@ -71,11 +71,11 @@ If you want to manually configure your application and code sample, use the foll
 3. Depending on the version of Visual Studio, you might need to right-click the project **AppModelv2-WebApp-OpenIDConnect-DotNet** and then select **Restore NuGet packages**.
 4. Open the Package Manager Console by selecting **View** > **Other Windows** > **Package Manager Console**. Then run `Update-Package Microsoft.CodeDom.Providers.DotNetCompilerPlatform -r`.
 
-5. Edit *Web.config* and replace the parameters `ClientId`, `Tenant`, and `redirectUri` with:
-   ```xml
-   <add key="ClientId" value="Enter_the_Application_Id_here" />
-   <add key="Tenant" value="Enter_the_Tenant_Info_Here" />
-   <add key="redirectUri" value="https://localhost:44368/" />
+5. Edit *appsettings.json* and replace the parameters `ClientId`, `Tenant`, and `redirectUri` with:
+   ```json
+   "ClientId" :"Enter_the_Application_Id_here" />
+   "TenantId": "Enter_the_Tenant_Info_Here" />
+   "RedirectUri" :"https://localhost:44368/" />
    ```
    In that code:
 
@@ -100,48 +100,30 @@ This section gives an overview of the code required to sign in users. This overv
 You can set up the authentication pipeline with cookie-based authentication by using OpenID Connect in ASP.NET with OWIN middleware packages. You can install these packages by running the following commands in Package Manager Console within Visual Studio:
 
 ```powershell
-Install-Package Microsoft.Owin.Security.OpenIdConnect
+Install-Package Microsoft.Identity.Web.Owin
+Install-Package Microsoft.Identity.Web.MicrosoftGraph
 Install-Package Microsoft.Owin.Security.Cookies
-Install-Package Microsoft.Owin.Host.SystemWeb
 ```
 
 ### OWIN startup class
 
 The OWIN middleware uses a *startup class* that runs when the hosting process starts. In this quickstart, the *startup.cs* file is in the root folder. The following code shows the parameters that this quickstart uses:
 
 ```csharp
-public void Configuration(IAppBuilder app)
-{
-    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
-
-    app.UseCookieAuthentication(new CookieAuthenticationOptions());
-    app.UseOpenIdConnectAuthentication(
-        new OpenIdConnectAuthenticationOptions
-        {
-            // Sets the client ID, authority, and redirect URI as obtained from Web.config
-            ClientId = clientId,
-            Authority = authority,
-            RedirectUri = redirectUri,
-            // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it's using the home page
-            PostLogoutRedirectUri = redirectUri,
-            Scope = OpenIdConnectScope.OpenIdProfile,
-            // ResponseType is set to request the code id_token, which contains basic information about the signed-in user
-            ResponseType = OpenIdConnectResponseType.CodeIdToken,
-            // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
-            // To only allow users from a single organization, set ValidateIssuer to true and the 'tenant' setting in Web.config to the tenant name
-            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use the ValidIssuers parameter
-            TokenValidationParameters = new TokenValidationParameters()
-            {
-                ValidateIssuer = false // Simplification (see note below)
-            },
-            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to the OnAuthenticationFailed method
-            Notifications = new OpenIdConnectAuthenticationNotifications
-            {
-                AuthenticationFailed = OnAuthenticationFailed
-            }
-        }
-    );
-}
+    public void Configuration(IAppBuilder app)
+    {
+        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
+
+        app.UseCookieAuthentication(new CookieAuthenticationOptions());
+        OwinTokenAcquirerFactory factory = TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>();
+
+        app.AddMicrosoftIdentityWebApp(factory);
+        factory.Services
+            .Configure<ConfidentialClientApplicationOptions>(options => { options.RedirectUri = "https://localhost:44368/"; })
+            .AddMicrosoftGraph()
+            .AddInMemoryTokenCaches();
+        factory.Build();
+    }
 ```
 
 |Where  | Description |
@@ -155,10 +137,6 @@ public void Configuration(IAppBuilder app)
 | `TokenValidationParameters`     | A list of parameters for token validation. In this case, `ValidateIssuer` is set to `false` to indicate that it can accept sign-ins from any personal, work, or school account type. |
 | `Notifications`     | A list of delegates that can be run on `OpenIdConnect` messages. |
 
-
-> [!NOTE]
-> Setting `ValidateIssuer = false` is a simplification for this quickstart. In real applications, validate the issuer. See the samples to understand how to do that.
-
 ### Authentication challenge
 
 You can force a user to sign in by requesting an authentication challenge in your controller:
@@ -182,6 +160,24 @@ public void SignIn()
 
 You can protect a controller or controller actions by using the `[Authorize]` attribute. This attribute restricts access to the controller or actions by allowing only authenticated users to access the actions in the controller. An authentication challenge will then happen automatically when an unauthenticated user tries to access one of the actions or controllers decorated by the `[Authorize]` attribute.
 
+### Call Microsoft Graph from the controller
+
+You can call Microsoft Graph from the controller by getting the instance of GraphServiceClient using the `GetGraphServiceClient` extension method on the controller, like in the following code:
+
+```csharp
+    try
+    { 
+        var me = await this.GetGraphServiceClient().Me.Request().GetAsync();
+        ViewBag.Username = me.DisplayName;
+    }
+    catch (ServiceException graphEx) when (graphEx.InnerException is MicrosoftIdentityWebChallengeUserException)
+    {
+        HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
+        return View();
+    }
+```
+
+
 [!INCLUDE [Help and support](../../../../../includes/active-directory-develop-help-support-include.md)]
 
 ## Next steps

articles/app-service/operating-system-functionality.md

@@ -47,6 +47,8 @@ At its core, App Service is a service running on top of the Azure PaaS (platform
 - An operating system drive (`%SystemDrive%`), whose size varies depending on the size of the VM.
 - A resource drive (`%ResourceDrive%`) used by App Service internally.
 
+A best practice is to always use the environment variables `%SystemDrive%` and `%ResourceDrive%` instead of hard-coded file paths.  The root path returned from these two environment variables has shifted over time from `d:\` to `c:\`.  However, older applications hard-coded with file path references to `d:\` will continue to work because the App Service platform automatically remaps `d:\` to instead point at `c:\`.  As noted above, it is highly recommended to always use the environment variables when building file paths and avoid confusion over platform changes to the default root file path.
+
 It is important to monitor your disk utilization as your application grows. If the disk quota is reached, it can have adverse effects to your application. For example: 
 
 - The app may throw an error indicating not enough space on the disk.

articles/azure-app-configuration/enable-dynamic-configuration-aspnet-core.md

@@ -230,6 +230,48 @@ The configuration refresh is triggered by the incoming requests to your web app.
 
     ![Launching updated quickstart app locally](./media/quickstarts/aspnet-core-app-launch-local-after.png)
 
+## Logging and monitoring
+
+Logs are output upon configuration refresh and contain detailed information on key-values retrieved from your App Configuration store and configuration changes made to your application.
+
+- A default `ILoggerFactory` is added automatically when `services.AddAzureAppConfiguration()` is invoked. The App Configuration provider uses this `ILoggerFactory` to create an instance of `ILogger`, which outputs these logs. ASP.NET Core uses `ILogger` for logging by default, so you don't need to make additional code changes to enable logging for the App Configuration provider.
+- Logs are output at different log levels. The default level is `Information`.
+
+    | Log Level | Description |
+    |---|---|
+    | Debug | Logs include the key and label of key-values your application monitors for changes from your App Configuration store. The information also includes whether the key-value has changed compared with what your application has already loaded. Enable logs at this level to troubleshoot your application if a configuration change didn't happen as expected. |
+    | Information | Logs include the keys of configuration settings updated during a configuration refresh. Values of configuration settings are omitted from the log to avoid leaking sensitive data. You can monitor logs at this level to ensure your application picks up expected configuration changes. |
+    | Warning | Logs include failures and exceptions that occurred during configuration refresh. Occasional occurrences can be ignored because the configuration provider will continue using the cached data and attempt to refresh the configuration next time. You can monitor logs at this level for repetitive warnings that may indicate potential issues. For example, you rotated the connection string but forgot to update your application. |
+
+    You can enable logging at the `Debug` log level by adding the following example to your `appsettings.json` file. This example applies to all other log levels as well.
+    ```json
+    "Logging": {
+        "LogLevel": {
+            "Microsoft.Extensions.Configuration.AzureAppConfiguration": "Debug"
+        }
+    }
+    ```
+- The logging category is `Microsoft.Extensions.Configuration.AzureAppConfiguration.Refresh`, which appears before each log. Here are some example logs at each log level:
+    ```console
+    dbug: Microsoft.Extensions.Configuration.AzureAppConfiguration.Refresh[0]
+        Key-value read from App Configuration. Change:'Modified' Key:'ExampleKey' Label:'ExampleLabel' Endpoint:'https://examplestore.azconfig.io'
+
+    info: Microsoft.Extensions.Configuration.AzureAppConfiguration.Refresh[0]
+        Setting updated. Key:'ExampleKey'
+
+    warn: Microsoft.Extensions.Configuration.AzureAppConfiguration.Refresh[0]
+        A refresh operation failed while resolving a Key Vault reference.
+    Key vault error. ErrorCode:'SecretNotFound' Key:'ExampleKey' Label:'ExampleLabel' Etag:'6LaqgBQM9C_Do2XyZa2gAIfj_ArpT52-xWwDSLb2hDo' SecretIdentifier:'https://examplevault.vault.azure.net/secrets/ExampleSecret'
+    ```
+
+Using `ILogger` is the preferred method in ASP.NET applications and is prioritized as the logging source if an instance of `ILoggerFactory` is present. However, if `ILoggerFactory` is not available, logs can alternatively be enabled and configured through the [instructions for .NET Core apps](./enable-dynamic-configuration-dotnet-core.md#logging-and-monitoring). For more information, see [logging in .NET Core and ASP.NET Core](/aspnet/core/fundamentals/logging).
+
+> [!NOTE]
+> Logging is available if you use version **6.0.0** or later of any of the following packages.
+> - `Microsoft.Extensions.Configuration.AzureAppConfiguration`
+> - `Microsoft.Azure.AppConfiguration.AspNetCore`
+> - `Microsoft.Azure.AppConfiguration.Functions.Worker`
+
 ## Clean up resources
 
 [!INCLUDE [azure-app-configuration-cleanup](../../includes/azure-app-configuration-cleanup.md)]

articles/azure-app-configuration/enable-dynamic-configuration-dotnet-core.md

@@ -140,6 +140,47 @@ Calling the `ConfigureRefresh` method alone won't cause the configuration to ref
     > [!NOTE]
     > Since the cache expiration time was set to 10 seconds using the `SetCacheExpiration` method while specifying the configuration for the refresh operation, the value for the configuration setting will only be updated if at least 10 seconds have elapsed since the last refresh for that setting.
 
+## Logging and monitoring
+
+Logs are output upon configuration refresh and contain detailed information on key-values retrieved from your App Configuration store and configuration changes made to your application. If you have an ASP.NET Core application, see these instructions for [Logging and Monitoring in ASP.NET Core](./enable-dynamic-configuration-aspnet-core.md#logging-and-monitoring). Otherwise, you can enable logging using the instructions for [logging with the Azure SDK](/dotnet/azure/sdk/logging).
+
+- Logs are output at different event levels. The default level is `Informational`.
+
+    | Event Level | Description |
+    |---|---|
+    | Verbose | Logs include the key and label of key-values your application monitors for changes from your App Configuration store. The information also includes whether the key-value has changed compared with what your application has already loaded. Enable logs at this level to troubleshoot your application if a configuration change didn't happen as expected. |
+    | Informational | Logs include the keys of configuration settings updated during a configuration refresh. Values of configuration settings are omitted from the log to avoid leaking sensitive data. You can monitor logs at this level to ensure your application picks up expected configuration changes. |
+    | Warning | Logs include failures and exceptions that occurred during configuration refresh. Occasional occurrences can be ignored because the configuration provider will continue using the cached data and attempt to refresh the configuration next time. You can monitor logs at this level for repetitive warnings that may indicate potential issues. For example, you rotated the connection string but forgot to update your application. |
+
+    You can enable logging at the `Verbose` event level by specifying the `EventLevel.Verbose` parameter, as done in the following example. These instructions apply to all other event levels as well. This example also enables logs for only the `Microsoft-Extensions-Configuration-AzureAppConfiguration-Refresh` category.
+    ```csharp
+    using var listener = new AzureEventSourceListener((eventData, text) =>
+    {
+        if (eventData.EventSource.Name == "Microsoft-Extensions-Configuration-AzureAppConfiguration-Refresh")
+        {
+            Console.WriteLine("[{1}] {0}: {2}", eventData.EventSource.Name, eventData.Level, text);
+        }
+    }, EventLevel.Verbose);
+    ```
+- The logging category is `Microsoft-Extensions-Configuration-AzureAppConfiguration-Refresh`, which appears before each log. Here are some example logs at each event level: 
+    ```console
+    [Verbose] Microsoft-Extensions-Configuration-AzureAppConfiguration-Refresh:
+    Key-value read from App Configuration. Change:'Modified' Key:'ExampleKey' Label:'ExampleLabel' Endpoint:'https://examplestore.azconfig.io'
+
+    [Informational] Microsoft-Extensions-Configuration-AzureAppConfiguration-Refresh:
+    Setting updated. Key:'ExampleKey'
+
+    [Warning] Microsoft-Extensions-Configuration-AzureAppConfiguration-Refresh:
+    A refresh operation failed while resolving a Key Vault reference.
+    Key vault error. ErrorCode:'SecretNotFound' Key:'ExampleKey' Label:'ExampleLabel' Etag:'6LaqgBQM9C_Do2XyZa2gAIfj_ArpT52-xWwDSLb2hDo' SecretIdentifier:'https://examplevault.vault.azure.net/secrets/ExampleSecret'
+    ```
+
+> [!NOTE]
+> Logging is available if you use version **6.0.0** or later of any of the following packages.
+> - `Microsoft.Extensions.Configuration.AzureAppConfiguration`
+> - `Microsoft.Azure.AppConfiguration.AspNetCore`
+> - `Microsoft.Azure.AppConfiguration.Functions.Worker`
+
 ## Clean up resources
 
 [!INCLUDE [azure-app-configuration-cleanup](../../includes/azure-app-configuration-cleanup.md)]