MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-configure-signup-self-asserted-custom.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory-b2c/active-directory-b2c-configure-signup-self-asserted-custom.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw-secure-basic.md
Lines changed: 24 additions & 24 deletions b/‎articles/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw-secure-basic.md
Lines changed: 24 additions & 24 deletions
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw-secure-cert.md
Lines changed: 14 additions & 14 deletions b/‎articles/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw-secure-cert.md
Lines changed: 14 additions & 14 deletions
@@ -74,7 +74,7 @@ The following elements are used to define the claim:
 
 #### DropdownSingleSelect
 
-![Screenshot of dropdown option](./media/active-directory-b2c-configure-signup-self-asserted-custom/dropdown-menu-example.png)
+![Single-select dropdown control showing several options](./media/active-directory-b2c-configure-signup-self-asserted-custom/dropdown-menu-example.png)
 
 ```xml
 <ClaimType Id="city">
@@ -91,7 +91,7 @@ The following elements are used to define the claim:
 
 #### CheckboxMultiSelect
 
-![Screenshot of multiselect option](./media/active-directory-b2c-configure-signup-self-asserted-custom/multiselect-menu-example.png)
+![Multi-select checkbox control showing several options](./media/active-directory-b2c-configure-signup-self-asserted-custom/multiselect-menu-example.png)
 
 ```xml
 <ClaimType Id="city">
@@ -230,7 +230,7 @@ The following elements are used to define the claim:
       <IncludeTechnicalProfile ReferenceId="AAD-Common" />
     </TechnicalProfile>
     ```
-   
+
 4. Add the `<OutputClaim ClaimTypeReferenceId="city" />` claim to the SignUporSignIn.xml file so that this claim is sent to the application in the token after a successful user journey.
 
     ```xml
 
@@ -71,12 +71,12 @@ Add the `ClientAuthMiddleware.cs` class under the *App_Start* folder. To do so:
 
 2. In the **Name** box, type **ClientAuthMiddleware.cs**.
 
-   ![Create new C# class](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-secure-basic-OWIN-startup-auth2.png)
+   ![Creating a new C# class in the Add New Item dialog in Visual Studio](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-secure-basic-OWIN-startup-auth2.png)
 
 3. Open the *App_Start\ClientAuthMiddleware.cs* file, and replace the file content with following code:
 
     ```csharp
-    
+
     using Microsoft.Owin;
     using System;
     using System.Collections.Generic;
@@ -86,7 +86,7 @@ Add the `ClientAuthMiddleware.cs` class under the *App_Start* folder. To do so:
     using System.Text;
     using System.Threading.Tasks;
     using System.Web;
-    
+
     namespace Contoso.AADB2C.API
     {
         /// <summary>
@@ -96,12 +96,12 @@ Add the `ClientAuthMiddleware.cs` class under the *App_Start* folder. To do so:
         {
             private static readonly string ClientID = ConfigurationManager.AppSettings["WebApp:ClientId"];
             private static readonly string ClientSecret = ConfigurationManager.AppSettings["WebApp:ClientSecret"];
-    
+
             /// <summary>
             /// Gets or sets the next owin middleware
             /// </summary>
             private Func<IDictionary<string, object>, Task> Next { get; set; }
-    
+
             /// <summary>
             /// Initializes a new instance of the <see cref="ClientAuthMiddleware"/> class.
             /// </summary>
@@ -110,7 +110,7 @@ Add the `ClientAuthMiddleware.cs` class under the *App_Start* folder. To do so:
             {
                 this.Next = next;
             }
-    
+
             /// <summary>
             /// Invoke client authentication middleware during each request.
             /// </summary>
@@ -120,29 +120,29 @@ Add the `ClientAuthMiddleware.cs` class under the *App_Start* folder. To do so:
             {
                 // Get wrapper class for the environment
                 var context = new OwinContext(environment);
-    
+
                 // Check whether the authorization header is available. This contains the credentials.
                 var authzValue = context.Request.Headers.Get("Authorization");
                 if (string.IsNullOrEmpty(authzValue) || !authzValue.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
                 {
                     // Process next middleware
                     return Next(environment);
                 }
-    
+
                 // Get credentials
                 var creds = authzValue.Substring("Basic ".Length).Trim();
                 string clientId;
                 string clientSecret;
-    
+
                 if (RetrieveCreds(creds, out clientId, out clientSecret))
                 {
                     // Set transaction authenticated as client
                     context.Request.User = new GenericPrincipal(new GenericIdentity(clientId, "client"), new string[] { "client" });
                 }
-    
+
                 return Next(environment);
             }
-    
+
             /// <summary>
             /// Retrieve credentials from header
             /// </summary>
@@ -154,7 +154,7 @@ Add the `ClientAuthMiddleware.cs` class under the *App_Start* folder. To do so:
             {
                 string pair;
                 clientId = clientSecret = string.Empty;
-    
+
                 try
                 {
                     pair = Encoding.UTF8.GetString(Convert.FromBase64String(credentials));
@@ -167,16 +167,16 @@ Add the `ClientAuthMiddleware.cs` class under the *App_Start* folder. To do so:
                 {
                     return false;
                 }
-    
+
                 var ix = pair.IndexOf(':');
                 if (ix == -1)
                 {
                     return false;
                 }
-    
+
                 clientId = pair.Substring(0, ix);
                 clientSecret = pair.Substring(ix + 1);
-    
+
                 // Return whether credentials are valid
                 return (string.Compare(clientId, ClientAuthMiddleware.ClientID) == 0 &&
                     string.Compare(clientSecret, ClientAuthMiddleware.ClientSecret) == 0);
@@ -190,14 +190,14 @@ Add the `ClientAuthMiddleware.cs` class under the *App_Start* folder. To do so:
 Add an OWIN startup class named `Startup.cs` to the API. To do so:
 1. Right-click the project, select **Add** > **New Item**, and then search for **OWIN**.
 
-   ![Add an OWIN startup class](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-secure-basic-OWIN-startup.png)
+   ![Creating OWIN startup class in Add New Item dialog in Visual Studio](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-secure-basic-OWIN-startup.png)
 
 2. Open the *Startup.cs* file, and replace the file content with following code:
 
     ```csharp
     using Microsoft.Owin;
     using Owin;
-    
+
     [assembly: OwinStartup(typeof(Contoso.AADB2C.API.Startup))]
     namespace Contoso.AADB2C.API
     {
@@ -236,7 +236,7 @@ After your RESTful service is protected by the client ID (username) and secret,
 
 4. For **Options**, select **Manual**.
 
-5. For **Name**, type **B2cRestClientId**.  
+5. For **Name**, type **B2cRestClientId**.
     The prefix *B2C_1A_* might be added automatically.
 
 6. In the **Secret** box, enter the app ID that you defined earlier.
@@ -257,7 +257,7 @@ After your RESTful service is protected by the client ID (username) and secret,
 
 4. For **Options**, select **Manual**.
 
-5. For **Name**, type **B2cRestClientSecret**.  
+5. For **Name**, type **B2cRestClientSecret**.
     The prefix *B2C_1A_* might be added automatically.
 
 6. In the **Secret** box, enter the app secret that you defined earlier.
@@ -292,8 +292,8 @@ After your RESTful service is protected by the client ID (username) and secret,
     ```
 
     After you add the snippet, your technical profile should look like the following XML code:
-    
-    ![Add basic authentication XML elements](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-secure-basic-add-1.png)
+
+    ![Add basic authentication XML elements to TechnicalProfile](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-secure-basic-add-1.png)
 
 ## Step 5: Upload the policy to your tenant
 
@@ -318,12 +318,12 @@ After your RESTful service is protected by the client ID (username) and secret,
 
 2. Open **B2C_1A_signup_signin**, the relying party (RP) custom policy that you uploaded, and then select **Run now**.
 
-3. Test the process by typing **Test** in the **Given Name** box.  
+3. Test the process by typing **Test** in the **Given Name** box.
     Azure AD B2C displays an error message at the top of the window.
 
-    ![Test your identity API](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-test.png)
+    ![Testing the Given Name input validation in your identity API](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-test.png)
 
-4. In the **Given Name** box, type a name (other than "Test").  
+4. In the **Given Name** box, type a name (other than "Test").
     Azure AD B2C signs up the user and then sends a loyalty number to your application. Note the number in this example:
 
     ```
 
@@ -43,24 +43,24 @@ To set up **Azure App Service** to require client certificates, set the web app
 >For more information about setting the **clientCertEnabled** property, see [Configure TLS mutual authentication for web apps](https://docs.microsoft.com/azure/app-service-web/app-service-web-configure-tls-mutual-auth).
 
 ## Step 2: Upload your certificate to Azure AD B2C policy keys
-After you set `clientCertEnabled` to *true*, the communication with your RESTful API requires a client certificate. To obtain, upload, and store the client certificate in your Azure AD B2C tenant, do the following: 
+After you set `clientCertEnabled` to *true*, the communication with your RESTful API requires a client certificate. To obtain, upload, and store the client certificate in your Azure AD B2C tenant, do the following:
 1. In your Azure AD B2C tenant, select **B2C Settings** > **Identity Experience Framework**.
 
 2. To view the keys that are available in your tenant, select **Policy Keys**.
 
-3. Select **Add**.  
+3. Select **Add**.
     The **Create a key** window opens.
 
 4. In the **Options** box, select **Upload**.
 
-5. In the **Name** box, type **B2cRestClientCertificate**.  
+5. In the **Name** box, type **B2cRestClientCertificate**.
     The prefix *B2C_1A_* is added automatically.
 
 6. In the **File upload** box, select your certificate's .pfx file with a private key.
 
 7. In the **Password** box, type the certificate's password.
 
-    ![Upload policy key](media/aadb2c-ief-rest-api-netfw-secure-cert/rest-api-netfw-secure-client-cert-upload.png)
+    ![Upload policy key in the Create a key page in Azure portal](media/aadb2c-ief-rest-api-netfw-secure-cert/rest-api-netfw-secure-client-cert-upload.png)
 
 7. Select **Create**.
 
@@ -81,7 +81,7 @@ To support client certificate authentication in your custom policy, change the t
     <Item Key="AuthenticationType">ClientCertificate</Item>
     ```
 
-5. Immediately after the closing `<Metadata>` element, add the following XML snippet: 
+5. Immediately after the closing `<Metadata>` element, add the following XML snippet:
 
     ```xml
     <CryptographicKeys>
@@ -115,12 +115,12 @@ To support client certificate authentication in your custom policy, change the t
 
 2. Open **B2C_1A_signup_signin**, the relying party (RP) custom policy that you uploaded, and then select **Run now**.
 
-3. Test the process by typing **Test** in the **Given Name** box.  
-    Azure AD B2C displays an error message at the top of the window.    
+3. Test the process by typing **Test** in the **Given Name** box.
+    Azure AD B2C displays an error message at the top of the window.
 
-    ![Test your identity API](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-test.png)
+    ![Given Name text box highlighted and input validation error shown](media/aadb2c-ief-rest-api-netfw-secure-basic/rest-api-netfw-test.png)
 
-4. In the **Given Name** box, type a name (other than "Test").  
+4. In the **Given Name** box, type a name (other than "Test").
     Azure AD B2C signs up the user and then sends a loyalty number to your application. Note the number in this JWT example:
 
    ```
@@ -148,7 +148,7 @@ To support client certificate authentication in your custom policy, change the t
    >If you receive the error message, *The name is not valid, please provide a valid name*, it means that Azure AD B2C successfully called your RESTful service while it presented the client certificate. The next step is to validate the certificate.
 
 ## Step 6: Add certificate validation
-The client certificate that Azure AD B2C sends to your RESTful service does not undergo validation by the Azure App Service platform, except to check whether the certificate exists. Validating the certificate is the responsibility of the web app. 
+The client certificate that Azure AD B2C sends to your RESTful service does not undergo validation by the Azure App Service platform, except to check whether the certificate exists. Validating the certificate is the responsibility of the web app.
 
 In this section, you add sample ASP.NET code that validates the certificate properties for authentication purposes.
 
@@ -167,7 +167,7 @@ In the Visual Studio project that you created earlier, add the following applica
 Replace the certificate's **Subject name**, **Issuer name**, and **Certificate thumbprint** values with your certificate values.
 
 ### 6.2 Add the IsValidClientCertificate function
-Open the *Controllers\IdentityController.cs* file, and then add to the `Identity` controller class the following function: 
+Open the *Controllers\IdentityController.cs* file, and then add to the `Identity` controller class the following function:
 
 ```csharp
 private bool IsValidClientCertificate()
@@ -215,7 +215,7 @@ private bool IsValidClientCertificate()
         Trace.TraceError($"Subject name '{clientCertInRequest.Subject}' is not valid");
         return false;
     }
-    
+
     // 3. Check the issuer name of the certificate
     bool foundIssuerCN = false;
     string[] certIssuerData = clientCertInRequest.Issuer.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
@@ -269,7 +269,7 @@ In the preceding sample code, we accept the certificate as valid only if all the
 >Depending on the sensitivity of your service, you might need to add more validations. For example, you might need to test whether the certificate chains to a trusted root authority, issuer organization name validation, and so on.
 
 ### 6.3 Call the IsValidClientCertificate function
-Open the *Controllers\IdentityController.cs* file and then, at the beginning of the `SignUp()` function, add the following code snippet: 
+Open the *Controllers\IdentityController.cs* file and then, at the beginning of the `SignUp()` function, add the following code snippet:
 
 ```csharp
 if (IsValidClientCertificate() == false)
@@ -295,4 +295,4 @@ If you need to troubleshoot this step, see [Collecting logs by using Application
 
 ## (Optional) Download the complete policy files and code
 * After you complete the [Get started with custom policies](active-directory-b2c-get-started-custom.md) walkthrough, we recommend that you build your scenario by using your own custom policy files. For your reference, we have provided [Sample policy files](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/aadb2c-ief-rest-api-netfw-secure-cert).
-* You can download the complete code from [Sample Visual Studio solution for reference](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/aadb2c-ief-rest-api-netfw/Contoso.AADB2C.API). 
+* You can download the complete code from [Sample Visual Studio solution for reference](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/aadb2c-ief-rest-api-netfw/Contoso.AADB2C.API).