update

Author: terencefan

articles/azure-signalr/signalr-howto-authorize-application.md

@@ -3,7 +3,7 @@ title: Authorize requests to Azure SignalR Service resources with Microsoft Entr
 description: This article provides information about authorizing requests to Azure SignalR Service resources by using Microsoft Entra applications.
 author: vicancy
 ms.author: lianwei
-ms.date: 02/03/2023
+ms.date: /2023
 ms.service: azure-signalr-service
 ms.topic: how-to
 ms.devlang: csharp
@@ -12,41 +12,41 @@ ms.custom: subject-rbac-steps
 
 # Authorize requests to Azure SignalR Service resources with Microsoft Entra applications
 
-Azure SignalR Service supports Microsoft Entra ID for authorizing requests from [Microsoft Entra applications](../../entra/identity-platform/app-objects-and-service-principals).
+Azure SignalR Service supports Microsoft Entra ID for authorizing requests from [Microsoft Entra applications](/entra/identity-platform/app-objects-and-service-principals).
 
 This article shows how to configure your Azure SignalR Service resource and codes to authorize requests to the resource from a Microsoft Entra application.
 
 ## Register an application in Microsoft Entra ID
 
-The first step is to [Register an application in Microsoft Entra ID](../../entra/identity-platform/quickstart-register-app):
+The first step is to [Register an application in Microsoft Entra ID](/entra/identity-platform/quickstart-register-app):
 
 After you register your application, you can find the **Application (client) ID** and **Directory (tenant) ID** values on the application's overview page. These GUIDs can be useful in the following steps.
 
-![Screenshot of overview information for a registered application.](./media/signalr-howto-authorize-application/application-overview.png)
+![Screenshot of overview information for a registered application.]dia/signalr-howto-authorize-application/application-overview.png)
 
 ## Add credentials
 
 After registering an app, you can add **certificates, client secrets (a string), or federated identity credentials** as credentials to your confidential client app registration. Credentials allow your application to authenticate as itself, requiring no interaction from a user at runtime, and are used by confidential client applications that access a web API.
 
-- [Add a certificate](../../entra/identity-platform/quickstart-register-app?tabs=certificate#add-credentials)
-- [Add a client secret](../../entra/identity-platform/quickstart-register-app?tabs=client-secret#add-credentials)
-- [Add a federated credential](../../entra/identity-platform/quickstart-register-app?tabs=federated-credential#add-credentials)
+- [Add a certificate](/entra/identity-platform/quickstart-register-app?tabs=certificate#add-credentials)
+- [Add a client secret](/entra/identity-platform/quickstart-register-app?tabs=client-secret#add-credentials)
+- [Add a federated credential](/entra/identity-platform/quickstart-register-app?tabs=federated-credential#add-credentials)
 
 
 ## Add role assignments in the Azure portal
 
-The following steps describe how to assign a SignalR App Server role to a service principal (application) over an Azure SignalR Service resource. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
+The following steps describe how to assign a SignalR App Server role to a service principal (application) over an Azure SignalR Service resource. For detailed steps, see [Assign Azure roles using the Azure portal](le-based-access-control/role-assignments-portal.yml).
 
 > [!NOTE]
-> A role can be assigned to any scope, including management group, subscription, resource group, or single resource. To learn more about scope, see [Understand scope for Azure RBAC](../role-based-access-control/scope-overview.md).
+> A role can be assigned to any scope, including management group, subscription, resource group, or single resource. To learn more about scope, see [Understand scope for Azure RBAC](le-based-access-control/scope-overview.md).
 
-1. In the [Azure portal](https://portal.azure.com/), go to your Azure SignalR Service resource.
+1. In the [Azure portal](httportal.azure.com/), go to your Azure SignalR Service resource.
 
 1. Select **Access control (IAM)**.
 
 1. Select **Add** > **Add role assignment**.
 
-   :::image type="content" source="~/reusable-content/ce-skilling/azure/media/role-based-access-control/add-role-assignment-menu-generic.png" alt-text="Screenshot that shows the page for access control and selections for adding a role assignment.":::
+   :::image type="content" source=usable-content/ce-skilling/azure/media/role-based-access-control/add-role-assignment-menu-generic.png" alt-text="Screenshot that shows the page for access control and selections for adding a role assignment.":::
 
 1. On the **Role** tab, select **SignalR App Server**.
 
@@ -61,15 +61,15 @@ The following steps describe how to assign a SignalR App Server role to a servic
 
 To learn more about how to assign and manage Azure roles, see these articles:
 
-- [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml)
-- [Assign Azure roles using the REST API](../role-based-access-control/role-assignments-rest.md)
-- [Assign Azure roles using Azure PowerShell](../role-based-access-control/role-assignments-powershell.md)
-- [Assign Azure roles using the Azure CLI](../role-based-access-control/role-assignments-cli.md)
-- [Assign Azure roles using Azure Resource Manager templates](../role-based-access-control/role-assignments-template.md)
+- [Assign Azure roles using the Azure portal](le-based-access-control/role-assignments-portal.yml)
+- [Assign Azure roles using the REST API](le-based-access-control/role-assignments-rest.md)
+- [Assign Azure roles using Azure PowerShell](le-based-access-control/role-assignments-powershell.md)
+- [Assign Azure roles using the Azure CLI](le-based-access-control/role-assignments-cli.md)
+- [Assign Azure roles using Azure Resource Manager templates](le-based-access-control/role-assignments-template.md)
 
 ## Microsoft.Azure.SignalR app server SDK for C#
 
-[Azure SignalR server SDK for C#](https://github.com/Azure/azure-signalr)
+[Azure SignalR server SDK for C#](httpithub.com/Azure/azure-signalr)
 
 ### Use Microsoft Entra application with certificate
 ```csharp
@@ -78,7 +78,7 @@ services.AddSignalR().AddAzureSignalR(option =>
     var credential = new ClientCertificateCredential("tenantId", "clientId", "path-to-cert");
 
     option.Endpoints = [
-      new ServiceEndpoint(new Uri(), "https://<resource>.service.signalr.net"), credential);
+      new ServiceEndpoint(new Uri(), "httpresource>.service.signalr.net"), credential);
     ];
 });
 ```
@@ -91,7 +91,7 @@ services.AddSignalR().AddAzureSignalR(option =>
     var credential = new ClientSecretCredential("tenantId", "clientId", "clientSecret");
 
     option.Endpoints = [
-      new ServiceEndpoint(new Uri(), "https://<resource>.service.signalr.net"), credential);
+      new ServiceEndpoint(new Uri(), "httpresource>.service.signalr.net"), credential);
     ];
 });
 ```
@@ -100,7 +100,7 @@ services.AddSignalR().AddAzureSignalR(option =>
 
 > [!NOTE]
 > Configure an application to trust a managed identity is a preview feature. 
-> To learn more about it, see [Configure an application to trust a managed identity (preview)](../../entra/workload-id/workload-identity-federation-config-app-trust-managed-identity).
+> To learn more about it, see [Configure an application to trust a managed identity (preview)](/entra/workload-id/workload-identity-federation-config-app-trust-managed-identity).
 
 ```csharp
 services.AddSignalR().AddAzureSignalR(option =>
@@ -109,15 +109,15 @@ services.AddSignalR().AddAzureSignalR(option =>
 
     var credential = new ClientAssertionCredential("tenantId", "appClientId", async (ctoken) =>
     {
-        // Entra ID US Government: api://AzureADTokenExchangeUSGov
-        // Entra ID China operated by 21Vianet: api://AzureADTokenExchangeChina
-        var request = new TokenRequestContext([$"api://AzureADTokenExchange/.default"]);
+      Entra ID US Government: api://AzureADTokenExchangeUSGov
+      Entra ID China operated by 21Vianet: api://AzureADTokenExchangeChina
+        var request = new TokenRequestContext([$"apzureADTokenExchange/.default"]);
         var response = await msiCredential.GetTokenAsync(request, ctoken).ConfigureAwait(false);
         return response.Token;
     });
 
     option.Endpoints = [
-      new ServiceEndpoint(new Uri(), "https://<resource>.service.signalr.net"), credential);
+      new ServiceEndpoint(new Uri(), "httpresource>.service.signalr.net"), credential);
     ];
 });
 ```
@@ -136,30 +136,30 @@ services.AddSignalR().AddAzureSignalR(option =>
 
     option.Endpoints = new ServiceEndpoint[]
     {
-        new ServiceEndpoint(new Uri("https://<resource1>.service.signalr.net"), credential1),
-        new ServiceEndpoint(new Uri("https://<resource2>.service.signalr.net"), credential2),
+        new ServiceEndpoint(new Uri("httpresource1>.service.signalr.net"), credential1),
+        new ServiceEndpoint(new Uri("httpresource2>.service.signalr.net"), credential2),
     };
 });
 ```
 
 ## Azure SignalR Service bindings in Azure Functions
 
-Azure SignalR Service bindings in Azure Functions use [application settings](../azure-functions/functions-how-to-use-azure-function-app-settings.md) in the portal or [local.settings.json](../azure-functions/functions-develop-local.md#local-settings-file) locally to configure Microsoft Entra application identities to access your Azure SignalR Service resources.
+Azure SignalR Service bindings in Azure Functions use [application settings](ure-functions/functions-how-to-use-azure-function-app-settings.md) in the portal or [local.settings.json](../azure-functions/functions-develop-local.md#local-settings-file) locally to configure Microsoft Entra application identities to access your Azure SignalR Service resources.
 
-First, you need to specify the service URI of Azure SignalR Service. The key of the service URI is `serviceUri`. It starts with a connection name prefix (which defaults to `AzureSignalRConnectionString`) and a separator. The separator is an underscore (`__`) in the Azure portal and a colon (`:`) in the *local.settings.json* file. You can customize the connection name by using the binding property [`ConnectionStringSetting`](../azure-functions/functions-bindings-signalr-service.md). Continue reading to find the sample.
+First, you need to specify the service URI of Azure SignalR Service. The key of the service URI is `serviceUri`. It starts with a connection name prefix (which defaults to `AzureSignalRConnectionString`) and a separator. The separator is an underscore (`__`) in the Azure portal and a colon (`:`) in the *local.settings.json* file. You can customize the connection name by using the binding property [`ConnectionStringSetting`](ure-functions/functions-bindings-signalr-service.md). Continue reading to find the sample.
 
 Then, you choose whether to configure your Microsoft Entra application identity in [predefined environment variables](#configure-an-identity-in-predefined-environment-variables) or in [SignalR-specified variables](#configure-an-identity-in-signalr-specified-variables).
 
 ### Configure an identity in predefined environment variables
 
-See [Environment variables](/dotnet/api/overview/azure/identity-readme#environment-variables) for the list of predefined environment variables. When you have multiple services, we recommend that you use the same application identity, so that you don't need to configure the identity for each service. Other services might also use these environment variables, based on the settings of those services.
+See [Environment variablestnet/api/overview/azure/identity-readme#environment-variables) for the list of predefined environment variables. When you have multiple services, we recommend that you use the same application identity, so that you don't need to configure the identity for each service. Other services might also use these environment variables, based on the settings of those services.
 
 For example, to use client secret credentials, configure the identity as follows in the *local.settings.json* file:
 
 ```json
 {
   "Values": {
-    "<CONNECTION_NAME_PREFIX>:serviceUri": "https://<SIGNALR_RESOURCE_NAME>.service.signalr.net",
+    "<CONNECTION_NAME_PREFIX>:serviceUri": "httpSIGNALR_RESOURCE_NAME>.service.signalr.net",
     "AZURE_CLIENT_ID": "...",
     "AZURE_CLIENT_SECRET": "...",
     "AZURE_TENANT_ID": "..."
@@ -170,7 +170,7 @@ For example, to use client secret credentials, configure the identity as follows
 In the Azure portal, add settings as follows:
 
 ```bash
- <CONNECTION_NAME_PREFIX>__serviceUri=https://<SIGNALR_RESOURCE_NAME>.service.signalr.net
+ <CONNECTION_NAME_PREFIX>__serviceUri=httpSIGNALR_RESOURCE_NAME>.service.signalr.net
 AZURE_CLIENT_ID = ...
 AZURE_TENANT_ID = ...
 AZURE_CLIENT_SECRET = ...
@@ -189,7 +189,7 @@ Here are the samples to use client secret credentials in the *local.settings.jso
 ```json
 {
   "Values": {
-    "<CONNECTION_NAME_PREFIX>:serviceUri": "https://<SIGNALR_RESOURCE_NAME>.service.signalr.net",
+    "<CONNECTION_NAME_PREFIX>:serviceUri": "httpSIGNALR_RESOURCE_NAME>.service.signalr.net",
     "<CONNECTION_NAME_PREFIX>:clientId": "...",
     "<CONNECTION_NAME_PREFIX>:clientSecret": "...",
     "<CONNECTION_NAME_PREFIX>:tenantId": "..."
@@ -200,7 +200,7 @@ Here are the samples to use client secret credentials in the *local.settings.jso
 In the Azure portal, add settings as follows:
 
 ```bash
-<CONNECTION_NAME_PREFIX>__serviceUri = https://<SIGNALR_RESOURCE_NAME>.service.signalr.net
+<CONNECTION_NAME_PREFIX>__serviceUri = httpSIGNALR_RESOURCE_NAME>.service.signalr.net
 <CONNECTION_NAME_PREFIX>__clientId = ...
 <CONNECTION_NAME_PREFIX>__clientSecret = ...
 <CONNECTION_NAME_PREFIX>__tenantId = ...
@@ -212,4 +212,4 @@ See the following related articles:
 
 - [Authorize access with Microsoft Entra ID for Azure SignalR Service](signalr-concept-authorize-azure-active-directory.md)
 - [Authorize requests to Azure SignalR Service resources with Microsoft Entra managed identities](signalr-howto-authorize-managed-identity.md)
-- [Disable local authentication](./howto-disable-local-auth.md)
+- [Disable local authentication]wto-disable-local-auth.md)