first pass removing .NET 3.1

cilwerner · web-flow · commit a68d99789e08 · 2022-12-09T12:10:56.000Z
diff --git a/articles/active-directory/develop/scenario-protected-web-api-app-configuration.md b/articles/active-directory/develop/scenario-protected-web-api-app-configuration.md
@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
-ms.date: 05/12/2022
+ms.date: 12/09/2022
 ms.author: jmprieur
 #Customer intent: As an application developer, I want to know how to write a protected web API using the Microsoft identity platform for developers.
 ---
@@ -23,7 +23,7 @@ To configure the code for your protected web API, understand:
 
 ## What defines ASP.NET and ASP.NET Core APIs as protected?
 
-Like web apps, the ASP.NET and ASP.NET Core web APIs are protected because their controller actions are prefixed with the **[Authorize]** attribute. The controller actions can be called only if the API is called with an authorized identity.
+Like web apps, ASP.NET and ASP.NET Core web APIs are protected because their controller actions are prefixed with the **[Authorize]** attribute. The controller actions can be called only if the API is called with an authorized identity.
 
 Consider the following questions:
 
@@ -59,21 +59,17 @@ This section describes how to configure a bearer token.
 
 ### Config file
 
+You need specify the TenantId only if you want to accept access tokens from a single tenant (line-of-business app). Otherwise, it can be left as `common`. The different values can be:
+  - A GUID (Tenant ID = Directory ID)
+  - `common` can be any organization and personal accounts
+  - `organizations` can be any organization
+  - `consumers` are Microsoft personal accounts
+
 ```Json
 {
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
-    "ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
-    /*
-      You need specify the TenantId only if you want to accept access tokens from a single tenant
-     (line-of-business app).
-      Otherwise, you can leave them set to common.
-      This can be:
-      - A GUID (Tenant ID = Directory ID)
-      - 'common' (any organization and personal accounts)
-      - 'organizations' (any organization)
-      - 'consumers' (Microsoft personal accounts)
-    */
+    "ClientId": "Enter_the_Application_(client)_ID_here"
     "TenantId": "common"
   },
   "Logging": {
@@ -87,15 +83,15 @@ This section describes how to configure a bearer token.
 
 #### Case where you used a custom App ID URI for your web API
 
-If you've accepted the default App ID URI proposed by the Azure portal, you don't need to specify the audience (see [Application ID URI and scopes](scenario-protected-web-api-app-registration.md#scopes-and-the-application-id-uri)). Otherwise, add an `Audience` property whose value is the App ID URI for your web API.
+If you've accepted the default App ID URI proposed by the Azure portal, you don't need to specify the audience (see [Application ID URI and scopes](scenario-protected-web-api-app-registration.md#scopes-and-the-application-id-uri)). Otherwise, add an `Audience` property whose value is the App ID URI for your web API. This typically starts with `api://`.
 
 ```Json
 {
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
-    "ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
+    "ClientId": "Enter_the_Application_(client)_ID_here",
     "TenantId": "common",
-    "Audience": "custom App ID URI for your web API"
+    "Audience": "Enter_the_Application_ID_URI_here"
   },
   // more lines
 }
@@ -161,62 +157,6 @@ app.MapControllers();
 app.Run();
 ```
 
-#### ASP.NET Core 3.1
-
-
-To create a new web API project by using the Microsoft.Identity.Web-enabled project templates in ASP.NET Core 3.1, see [Microsoft.Identity.Web - Web API project template](https://aka.ms/ms-id-web/webapi-project-templates).
-
-To add Microsoft.Identity.Web to an existing ASP.NET Core 3.1 web API project, add this using directive to your _Program.cs_ file:
-
-ASP.NET Core 3.1 uses the Microsoft.AspNetCore.Authentication.JwtBearer library. The middleware is initialized in the Startup.cs file.
-
-```csharp
-using Microsoft.AspNetCore.Authentication.JwtBearer;
-```
-
-The middleware is added to the web API by this instruction:
-
-```csharp
-// This method gets called by the runtime. Use this method to add services to the container.
-public void ConfigureServices(IServiceCollection services)
-{
-  services.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
-          .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
-}
-```
-
- Currently, the ASP.NET Core templates create Azure Active Directory (Azure AD) web APIs that sign in users within your organization or any organization. They don't sign in users with personal accounts. However, you can change the templates to use the Microsoft identity platform by using [Microsoft.Identity.Web](https://www.nuget.org/packages/Microsoft.Identity.Web) replacing the code in *Startup.cs*:
-
-```csharp
-using Microsoft.Identity.Web;
-```
-
-```csharp
-public void ConfigureServices(IServiceCollection services)
-{
- // Adds Microsoft Identity platform (AAD v2.0) support to protect this API
- services.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
-             .AddMicrosoftIdentityWebApi(Configuration, "AzureAd");
-
- services.AddControllers();
-}
-```
-
-Make sure you have `app.UseAuthentication()` and `app.UseAuthorization()` in the `Configure` method.
-
-```csharp
-public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
-{
- // More code here
- app.UseAuthentication();
- app.UseAuthorization();
-
- // More code here
-```
-
-> [!NOTE]
-> If you use Microsoft.Identity.Web and don't set the `Audience` in *appsettings.json*, `$"{ClientId}"` is automatically used if you have set the [access token accepted version](scenario-protected-web-api-app-registration.md#accepted-token-version) to `2`, or for Azure AD B2C web APIs.
-
 ## Token validation
 
 In the preceding snippet, the JwtBearer middleware, like the OpenID Connect middleware in web apps, validates the token based on the value of `TokenValidationParameters`. The token is decrypted as needed, the claims are extracted, and the signature is verified. The middleware then validates the token by checking for this data:
