Merge pull request #220880 from cilwerner/content-health-1

prmerger-automator[bot] · web-flow · commit 427ffc7bb5aa · 2022-12-09T11:47:12.000Z
[GTD][Core content][content-health] - scenario-web-app-sign-user-app-configuration.md - remove .NET 3.1 reference + article is +365 days stale
diff --git a/articles/active-directory/develop/scenario-web-app-sign-user-app-configuration.md b/articles/active-directory/develop/scenario-web-app-sign-user-app-configuration.md
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 07/14/2020
+ms.date: 12/8/2022
 ms.author: jmprieur
 ms.custom: aaddev, devx-track-python
 #Customer intent: As an application developer, I want to know how to write a web app that signs in users by using the Microsoft identity platform.
@@ -64,8 +64,16 @@ You might want to refer to this sample for full implementation details.
 
 Web applications that sign in users by using the Microsoft identity platform are configured through configuration files. These are the values you're required to specify in the configuration:
 
-- The cloud instance (`Instance`) if you want your app to run in national clouds, for example
-- The audience in the tenant ID (`TenantId`)
+- The cloud instance (`Instance`) if you want your app to run in national clouds, for example. The different options include;
+  - `https://login.microsoftonline.com/` for Azure public cloud
+  - `https://login.microsoftonline.us/` for Azure US government
+  - `https://login.microsoftonline.de/` for Azure AD Germany
+  - `https://login.partner.microsoftonline.cn/common` for Azure AD China operated by 21Vianet
+- The audience in the tenant ID (`TenantId`). The options vary depending on whether your app is single tenant or multitenant.
+  - `TenantId` for a GUID obtained from the Azure portal to sign in users in your organization. You can also use a domain name.
+  - `organizations` to sign in users in any work or school account
+  - `common` to sign in users with any work or school account or Microsoft personal account
+  - `consumers` to sign in users with a Microsoft personal account only
 - The client ID (`ClientId`) for your application, as copied from the Azure portal
 
 You might also see references to the `Authority`. The `Authority` value is the concatenation of the `Instance` and `TenantId` values.
@@ -77,22 +85,11 @@ In ASP.NET Core, these settings are located in the [appsettings.json](https://gi
 ```Json
 {
   "AzureAd": {
-    // Azure cloud instance among:
-    // - "https://login.microsoftonline.com/" for Azure public cloud
-    // - "https://login.microsoftonline.us/" for Azure US government
-    // - "https://login.microsoftonline.de/" for Azure AD Germany
-    // - "https://login.partner.microsoftonline.cn/common" for Azure AD China operated by 21Vianet
     "Instance": "https://login.microsoftonline.com/",
-
-    // Azure AD audience among:
-    // - "TenantId" as a GUID obtained from the Azure portal to sign in users in your organization
-    // - "organizations" to sign in users in any work or school account
-    // - "common" to sign in users with any work or school account or Microsoft personal account
-    // - "consumers" to sign in users with a Microsoft personal account only
     "TenantId": "[Enter the tenantId here]",
 
     // Client ID (application ID) obtained from the Azure portal
-    "ClientId": "[Enter the Client Id]",
+    "ClientId": "[Enter the Client Id here]",
     "CallbackPath": "/signin-oidc",
     "SignedOutCallbackPath": "/signout-oidc"
   }
@@ -131,7 +128,7 @@ In ASP.NET Core, another file ([properties\launchSettings.json](https://github.c
 }
 ```
 
-In the Azure portal, the redirect URIs that you register on the **Authentication** page for your application need to match these URLs. For the two preceding configuration files, they would be `https://localhost:44321/signin-oidc`. The reason is that `applicationUrl` is `http://localhost:3110`, but `sslPort` is specified (44321). `CallbackPath` is `/signin-oidc`, as defined in `appsettings.json`.
+In the Azure portal, the redirect URIs that you register on the **Authentication** page for your application need to match these URLs. For the two preceding configuration files, they would be `https://localhost:44321/signin-oidc`. The reason is that `applicationUrl` is `http://localhost:3110`, but `sslPort` is specified (`44321`). `CallbackPath` is `/signin-oidc`, as defined in `appsettings.json`.
 
 In the same way, the sign-out URI would be set to `https://localhost:44321/signout-oidc`.
 > [!NOTE]
@@ -189,8 +186,7 @@ These parameters are used to create a configuration object in *authConfig.js* fi
 
 In the Azure portal, the reply URIs that you register on the Authentication page for your application need to match the redirectUri instances that the application defines (`http://localhost:3000/auth/redirect`).
 
-> [!NOTE]
-> This quickstart proposes to store the client secret in the configuration file for simplicity. In your production app, you'd want to use other ways to store your secret, such as a key vault or an environment variable.
+For simplicity in this article, the client secret is stored in the configuration file. In the production app, consider using a key vault or an environment variable. An even better option is to use a certificate.
 
 # [Python](#tab/python)
 
@@ -205,29 +201,26 @@ SCOPE = ["User.ReadBasic.All"]
 SESSION_TYPE = "filesystem"  # So the token cache will be stored in a server-side session
 ```
 
-> [!NOTE]
-> This quickstart proposes to store the client secret in the configuration file for simplicity. In your production app, you'd want to use other ways to store your secret, such as a key vault or an environment variable as described in [Flask's documentation](https://flask.palletsprojects.com/en/1.1.x/config/#configuring-from-environment-variables).
->
-> ```python
-> CLIENT_SECRET = os.getenv("CLIENT_SECRET")
-> if not CLIENT_SECRET:
->     raise ValueError("Need to define CLIENT_SECRET environment variable")
-> ```
+For simplicity in this article, the client secret is stored in the configuration file. In the production app, consider using a key vault or an environment variable as described in [Flask's documentation](https://flask.palletsprojects.com/en/1.1.x/config/#configuring-from-environment-variables) to store your secret.
+
+```python
+CLIENT_SECRET = os.getenv("CLIENT_SECRET")
+if not CLIENT_SECRET:
+    raise ValueError("Need to define CLIENT_SECRET environment variable")
+```
 
 ---
 
 ## Initialization code
 
-The initialization code is different depending on the platform. For ASP.NET Core and ASP.NET, signing in users is delegated to the OpenID Connect middleware. The ASP.NET or ASP.NET Core template generates web applications for the Azure Active Directory (Azure AD) v1.0 endpoint. Some configuration is required to adapt them to the Microsoft identity platform. In the case of Java, it's handled by Spring with the cooperation of the application.
+The initialization code differences are platform dependant. For ASP.NET Core and ASP.NET, signing in users is delegated to the OpenID Connect middleware. The ASP.NET or ASP.NET Core template generates web applications for the Azure Active Directory (Azure AD) v1.0 endpoint. Some configuration is required to adapt them to the Microsoft identity platform. 
 
 # [ASP.NET Core](#tab/aspnetcore)
 
-In ASP.NET Core web apps (and web APIs), the application is protected because you have a `[Authorize]` attribute on the controllers or the controller actions. This attribute checks that the user is authenticated. Prior to the release of .NET 6, the code that's initializing the application is in the *Startup.cs* file.  New ASP.NET Core projects with .NET 6 no longer contain a *Startup.cs* file.  Taking its place is the *Program.cs* file.  The rest of this tutorial pertains to .NET 5 or lower.
-
-To add authentication with the Microsoft identity platform (formerly Azure AD v2.0), you'll need to add the following code. The comments in the code should be self-explanatory.
+In ASP.NET Core web apps (and web APIs), the application is protected because you have a `Authorize` attribute on the controllers or the controller actions. This attribute checks that the user is authenticated. Prior to the release of .NET 6, the code initializaation wis in the *Startup.cs* file.  New ASP.NET Core projects with .NET 6 no longer contain a *Startup.cs* file.  Taking its place is the *Program.cs* file.  The rest of this tutorial pertains to .NET 5 or lower.
 
 > [!NOTE]
-> If you want to start directly with the new ASP.NET Core templates for Microsoft identity platform, that leverage Microsoft.Identity.Web, you can download a preview NuGet package containing project templates for .NET Core 3.1 and .NET 5.0. Then, once installed, you can directly instantiate ASP.NET Core web applications (MVC or Blazor). See [Microsoft.Identity.Web web app project templates](https://aka.ms/ms-id-web/webapp-project-templates) for details. This is the simplest approach as it will do all the steps below for you.
+> If you want to start directly with the new ASP.NET Core templates for Microsoft identity platform, that leverage Microsoft.Identity.Web, you can download a preview NuGet package containing project templates for .NET 5.0. Then, once installed, you can directly instantiate ASP.NET Core web applications (MVC or Blazor). See [Microsoft.Identity.Web web app project templates](https://aka.ms/ms-id-web/webapp-project-templates) for details. This is the simplest approach as it will do all the steps below for you.
 >
 > If you prefer to start your project with the current default ASP.NET Core web project within Visual Studio or by using `dotnet new mvc --auth SingleOrg` or `dotnet new webapp --auth SingleOrg`, you'll see code like the following:
 >
@@ -237,9 +230,8 @@ To add authentication with the Microsoft identity platform (formerly Azure AD v2
 > ```
 >
 > This code uses the legacy **Microsoft.AspNetCore.Authentication.AzureAD.UI** NuGet package which is used to create an Azure AD v1.0 application. This article explains how to create a Microsoft identity platform (Azure AD v2.0) application which replaces that code.
->
 
-1. Add the [Microsoft.Identity.Web](https://www.nuget.org/packages/Microsoft.Identity.Web) and [Microsoft.Identity.Web.UI](https://www.nuget.org/packages/Microsoft.Identity.Web.UI) NuGet packages to your project. Remove the Microsoft.AspNetCore.Authentication.AzureAD.UI NuGet package if it is present.
+1. Add the [Microsoft.Identity.Web](https://www.nuget.org/packages/Microsoft.Identity.Web) and [Microsoft.Identity.Web.UI](https://www.nuget.org/packages/Microsoft.Identity.Web.UI) NuGet packages to your project. Remove the `Microsoft.AspNetCore.Authentication.AzureAD.UI` NuGet package if it is present.
 
 2. Update the code in `ConfigureServices` so that it uses the `AddMicrosoftIdentityWebAppAuthentication` and `AddMicrosoftIdentityUI` methods.
 
@@ -278,7 +270,7 @@ To add authentication with the Microsoft identity platform (formerly Azure AD v2
    ```
 
 In the code above:
-- The `AddMicrosoftIdentityWebAppAuthentication` extension method is defined in **Microsoft.Identity.Web**. It:
+- The `AddMicrosoftIdentityWebAppAuthentication` extension method is defined in **Microsoft.Identity.Web**, which;
   - Adds the authentication service.
   - Configures options to read the configuration file (here from the "AzureAD" section)
   - Configures the OpenID Connect options so that the authority is the Microsoft identity platform.
@@ -381,7 +373,7 @@ Move on to the next article in this scenario,
 # [Node.js](#tab/nodejs)
 
 Move on to the next article in this scenario,
-[Sign in](./scenario-web-app-sign-user-sign-in.md?tabs=nodejs).
+[Sign in and sign out](./scenario-web-app-sign-user-sign-in.md?tabs=nodejs).
 
 # [Python](#tab/python)
 
