validation

cephalin · cephalin · commit d30a36f6e045 · 2025-07-17T11:42:52.000-05:00
diff --git a/articles/app-service/tutorial-ai-integrate-azure-ai-agent-dotnet.md b/articles/app-service/tutorial-ai-integrate-azure-ai-agent-dotnet.md
@@ -198,7 +198,7 @@ At a minimum, open the [sample application](https://github.com/Azure-Samples/msd
 When exposing APIs via OpenAPI in Azure App Service, follow these security best practices:
 
 - **Authentication and Authorization**: Protect your OpenAPI endpoints in App Service behind [Azure API Management with Microsoft Entra ID](/azure/api-management/api-management-howto-protect-backend-with-aad) and ensure only authorized users or agents can access the tools.
-- **Validate input data:** The sample code checks `ModelState.IsValid` in the `CreateTodo` method, which ensures that the incoming data matches the model's validation attributes. For more information, see [Model validation in ASP.NET Core](https://learn.microsoft.com/aspnet/core/mvc/models/validation).
+- **Validate input data:** The sample code checks `ModelState.IsValid` in the `CreateTodo` method, which ensures that the incoming data matches the model's validation attributes. For more information, see [Model validation in ASP.NET Core](/aspnet/core/mvc/models/validation).
 - **Use HTTPS:** The sample relies on Azure App Service, which enforces HTTPS by default and provides free TLS/SSL certificates to encrypt data in transit.
 - **Limit CORS:** Restrict Cross-Origin Resource Sharing (CORS) to trusted domains only. For more information, see [Enable CORS](app-service-web-tutorial-rest-api.md#enable-cors).
 - **Apply rate limiting:** Use [API Management](/azure/api-management/api-management-sample-flexible-throttling) or custom middleware to prevent abuse and denial-of-service attacks.
@@ -208,7 +208,7 @@ When exposing APIs via OpenAPI in Azure App Service, follow these security best
 - **Monitor and log activity:** Enable logging and monitor access to detect suspicious activity.
 - **Use managed identities:** When calling other Azure services, use managed identities instead of hardcoded credentials.
 
-For more guidance, see [Secure your App Service app](https://learn.microsoft.com/azure/app-service/security-overview) and [Best practices for REST API security](https://learn.microsoft.com/azure/architecture/best-practices/api-design#security).
+For more guidance, see [Secure your App Service app](security-overview.md) and [Best practices for REST API security](/azure/architecture/best-practices/api-design#security).
 
 ## Next step
 
diff --git a/articles/app-service/tutorial-ai-integrate-azure-ai-agent-java.md b/articles/app-service/tutorial-ai-integrate-azure-ai-agent-java.md
@@ -160,7 +160,7 @@ When exposing APIs via OpenAPI in Azure App Service, follow these security best
 - **Monitor and log activity:** Enable logging and monitor access to detect suspicious activity.
 - **Use managed identities:** When calling other Azure services, use managed identities instead of hardcoded credentials.
 
-For more guidance, see [Secure your App Service app](https://learn.microsoft.com/azure/app-service/security-overview) and [Best practices for REST API security](https://learn.microsoft.com/azure/architecture/best-practices/api-design#security).
+For more guidance, see [Secure your App Service app](security-overview.md) and [Best practices for REST API security](/azure/architecture/best-practices/api-design#security).
 
 ## Next step
 
diff --git a/articles/app-service/tutorial-ai-model-context-protocol-server-dotnet.md b/articles/app-service/tutorial-ai-model-context-protocol-server-dotnet.md
@@ -221,7 +221,7 @@ At a minimum, open the [sample application](https://github.com/Azure-Samples/msd
 When your MCP server is called by an agent powered by large language models (LLM), be aware of [prompt injection](https://genai.owasp.org/llmrisk/llm01-prompt-injection/) attacks. Consider the following security best practices:
 
 - **Authentication and Authorization**: Protect your MCP endpoints in App Service behind [Azure API Management with Microsoft Entra ID](/azure/api-management/api-management-howto-protect-backend-with-aad) and ensure only authorized users or agents can access the tools.
-- **Input Validation and Sanitization**: The example code in this tutorial omits input validation and sanitization for simplicity and clarity. In production scenarios, always implement proper validation and sanitization to protect your application. For ASP.NET Core, see [Model validation in ASP.NET Core](https://learn.microsoft.com/aspnet/core/mvc/models/validation).
+- **Input Validation and Sanitization**: The example code in this tutorial omits input validation and sanitization for simplicity and clarity. In production scenarios, always implement proper validation and sanitization to protect your application. For ASP.NET Core, see [Model validation in ASP.NET Core](/aspnet/core/mvc/models/validation).
 - **HTTPS:** The sample relies on Azure App Service, which enforces HTTPS by default and provides free TLS/SSL certificates to encrypt data in transit.
 - **Least Privilege Principle**: Expose only the necessary tools and data required for your use case. Avoid exposing sensitive operations unless absolutely necessary.
 - **Rate Limiting and Throttling**: Use [API Management](/azure/api-management/api-management-sample-flexible-throttling) or custom middleware to prevent abuse and denial-of-service attacks.
