Drop 'en-us' loc segment from URLs + doc nits (#13410)

Author: guardrex

src/DataProtection/README.md

@@ -1,7 +1,7 @@
 DataProtection
 ==============
 
-Data Protection APIs for protecting and unprotecting data. You can find documentation for Data Protection in the [ASP.NET Core Documentation](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/).
+Data Protection APIs for protecting and unprotecting data. You can find documentation for Data Protection in the [ASP.NET Core Documentation](https://docs.microsoft.com/aspnet/core/security/data-protection/).
 
 ## Community Maintained Data Protection Providers & Projects
 

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorServerWeb-CSharp/Shared/MainLayout.Auth.razor

@@ -7,7 +7,7 @@
 <div class="main">
     <div class="top-row px-4">
         <LoginDisplay />
-        <a href="https://docs.microsoft.com/en-us/aspnet/" target="_blank">About</a>
+        <a href="https://docs.microsoft.com/aspnet/" target="_blank">About</a>
     </div>
 
     <div class="content px-4">

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorServerWeb-CSharp/Shared/MainLayout.NoAuth.razor

@@ -6,7 +6,7 @@
 
 <div class="main">
     <div class="top-row px-4">
-        <a href="https://docs.microsoft.com/en-us/aspnet/" target="_blank">About</a>
+        <a href="https://docs.microsoft.com/aspnet/" target="_blank">About</a>
     </div>
 
     <div class="content px-4">

src/Security/Authentication/Certificate/src/README.md

@@ -1,31 +1,22 @@
 # Microsoft.AspNetCore.Authentication.Certificate
 
-This project sort of contains an implementation of [Certificate Authentication](https://tools.ietf.org/html/rfc5246#section-7.4.4) for ASP.NET Core. 
-Certificate authentication happens at the TLS level, long before it ever gets to ASP.NET Core, so, more accurately this is an authentication handler
-that validates the certificate and then gives you an event where you can resolve that certificate to a ClaimsPrincipal. 
+This project sort of contains an implementation of [Certificate Authentication](https://tools.ietf.org/html/rfc5246#section-7.4.4) for ASP.NET Core. Certificate authentication happens at the TLS level, long before it ever gets to ASP.NET Core, so, more accurately this is an authentication handler that validates the certificate and then gives you an event where you can resolve that certificate to a ClaimsPrincipal.
 
-You **must** [configure your host](#hostConfiguration) for certificate authentication, be it IIS, Kestrel, Azure Web Applications or whatever else you're using.
+You **must** [configure your host](#configuring-your-host-to-require-certificates) for certificate authentication, be it IIS, Kestrel, Azure Web Applications or whatever else you're using.
 
 ## Getting started
 
-First acquire an HTTPS certificate, apply it and then [configure your host](#hostConfiguration) to require certificates.
+First acquire an HTTPS certificate, apply it and then [configure your host](#configuring-your-host-to-require-certificates) to require certificates.
 
-In your web application add a reference to the package, then in the `ConfigureServices` method in `startup.cs` call
-`app.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme).UseCertificateAuthentication(...);` with your options, 
-providing a delegate for `OnValidateCertificate` to validate the client certificate sent with requests and turn that information 
-into an `ClaimsPrincipal`, set it on the `context.Principal` property and call `context.Success()`.
+In your web application add a reference to the package, then in the `ConfigureServices` method in `startup.cs` call `app.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme).UseCertificateAuthentication(...);` with your options, providing a delegate for `OnValidateCertificate` to validate the client certificate sent with requests and turn that information into an `ClaimsPrincipal`, set it on the `context.Principal` property and call `context.Success()`.
 
-If you change your scheme name in the options for the authentication handler you need to change the scheme name in 
-`AddAuthentication()` to ensure it's used on every request which ends in an endpoint that requires authorization.
+If you change your scheme name in the options for the authentication handler you need to change the scheme name in `AddAuthentication()` to ensure it's used on every request which ends in an endpoint that requires authorization.
 
-If authentication fails this handler will return a `403 (Forbidden)` response rather a `401 (Unauthorized)` as you
-might expect - this is because the authentication should happen during the initial TLS connection - by the time it 
-reaches the handler it's too late, and there's no way to actually upgrade the connection from an anonymous connection 
-to one with a certificate.
+If authentication fails this handler will return a `403 (Forbidden)` response rather a `401 (Unauthorized)` as you might expect - this is because the authentication should happen during the initial TLS connection - by the time it reaches the handler it's too late, and there's no way to actually upgrade the connection from an anonymous connection to one with a certificate.
 
 You must also add `app.UseAuthentication();` in the `Configure` method, otherwise nothing will ever get called.
 
-For example;
+For example:
 
 ```c#
 public void ConfigureServices(IServiceCollection services)
@@ -47,50 +38,41 @@ In the sample above you can see the default way to add certificate authenticatio
 
 ## Configuring Certificate Validation
 
-The `CertificateAuthenticationOptions` handler has some built in validations that are the minimium validations you should perform on 
-a certificate. Each of these settings are turned on by default.
+The `CertificateAuthenticationOptions` handler has some built in validations that are the minimum validations you should perform on a certificate. Each of these settings are turned on by default.
 
 ### ValidateCertificateChain
 
-This check validates that the issuer for the certificate is trusted by the application host OS. If 
-you are going to accept self-signed certificates you must disable this check.
+This check validates that the issuer for the certificate is trusted by the application host OS. If you are going to accept self-signed certificates you must disable this check.
 
 ### ValidateCertificateUse
 
-This check validates that the certificate presented by the client has the Client Authentication 
-extended key use, or no EKUs at all (as the specifications say if no EKU is specified then all EKUs 
-are valid). 
+This check validates that the certificate presented by the client has the Client Authentication extended key use, or no EKUs at all (as the specifications say if no EKU is specified then all EKUs are valid).
 
 ### ValidateValidityPeriod
 
-This check validates that the certificate is within its validity period. As the handler runs on every 
-request this ensures that a certificate that was valid when it was presented has not expired during
-its current session.
+This check validates that the certificate is within its validity period. As the handler runs on every request this ensures that a certificate that was valid when it was presented has not expired during its current session.
 
 ### RevocationFlag
 
 A flag which specifies which certificates in the chain are checked for revocation.
 
 Revocation checks are only performed when the certificate is chained to a root certificate.
 
-### RevocationMode 
+### RevocationMode
 
 A flag which specifies how revocation checks are performed.
+
 Specifying an on-line check can result in a long delay while the certificate authority is contacted.
 
 Revocation checks are only performed when the certificate is chained to a root certificate.
 
 ### Can I configure my application to require a certificate only on certain paths?
 
-Not possible, remember the certificate exchange is done that the start of the HTTPS conversation, 
-it's done by the host, not the application. Kestrel, IIS, Azure Web Apps don't have any configuration for
-this sort of thing.
+Not possible, remember the certificate exchange is done that the start of the HTTPS conversation, it's done by the host, not the application. Kestrel, IIS, Azure Web Apps don't have any configuration for this sort of thing.
 
-# Handler events
+## Handler events
 
-The handler has two events, `OnAuthenticationFailed()`, which is called if an exception happens during authentication and allows you to react, and `OnValidateCertificate()` which is 
-called after certificate has been validated, passed validation, abut before the default principal has been created. This allows you to perform your own validation, for example 
-checking if the certificate is one your services knows about, and to construct your own principal. For example,
+The handler has two events, `OnAuthenticationFailed()`, which is called if an exception happens during authentication and allows you to react, and `OnValidateCertificate()` which is called after certificate has been validated, passed validation, abut before the default principal has been created. This allows you to perform your own validation, for example checking if the certificate is one your services knows about, and to construct your own principal. For example:
 
 ```c#
 services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
@@ -117,8 +99,7 @@ services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationSchem
 
 If you find the inbound certificate doesn't meet your extra validation call `context.Fail("failure Reason")` with a failure reason.
 
-For real functionality you will probably want to call a service registered in DI which talks to a database or other type of 
-user store. You can grab your service by using the context passed into your delegates, like so
+For real functionality you will probably want to call a service registered in DI which talks to a database or other type of user store. You can grab your service by using the context passed into your delegates, like so
 
 ```c#
 services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
@@ -130,7 +111,7 @@ services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationSchem
                 {
                     var validationService =
                         context.HttpContext.RequestServices.GetService<ICertificateValidationService>();
-                    
+
                     if (validationService.ValidateCertificate(context.ClientCertificate))
                     {
                         var claims = new[]
@@ -141,17 +122,18 @@ services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationSchem
 
                         context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
                         context.Success();
-                    }                     
+                    }
 
                     return Task.CompletedTask;
                 }
             };
         });
 ```
+
 Note that conceptually the validation of the certification is an authorization concern, and putting a check on, for example, an issuer or thumbprint in an authorization policy rather 
 than inside OnCertificateValidated() is perfectly acceptable.
 
-## <a name="hostConfiguration"></a>Configuring your host to require certificates
+## Configuring your host to require certificates
 
 ### Kestrel
 
@@ -170,12 +152,12 @@ public static IWebHost BuildWebHost(string[] args)
     })
     .Build();
 ```
-You must set the `ClientCertificateValidation` delegate to `CertificateValidator.DisableChannelValidation` in order to stop Kestrel using the default OS certificate validation routine and, 
-instead, letting the authentication handler perform the validation.
+
+You must set the `ClientCertificateValidation` delegate to `CertificateValidator.DisableChannelValidation` in order to stop Kestrel using the default OS certificate validation routine and, instead, letting the authentication handler perform the validation.
 
 ### IIS
 
-In the IIS Manager 
+In the IIS Manager:
 
 1. Select your Site in the Connections tab.
 2. Double click the SSL Settings in the Features View window.
@@ -185,28 +167,21 @@ In the IIS Manager
 
 ### Azure
 
-See the [Azure documentation](https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth) 
-to configure Azure Web Apps then add the following to your application startup method, `Configure(IApplicationBuilder app)` add the 
-following line before the call to `app.UseAuthentication();`
+See the [Azure documentation](https://docs.microsoft.com/azure/app-service/app-service-web-configure-tls-mutual-auth) to configure Azure Web Apps then add the following to your application startup method, `Configure(IApplicationBuilder app)` add the following line before the call to `app.UseAuthentication();`:
 
 ```c#
 app.UseCertificateHeaderForwarding();
 ```
 
 ### Random custom web proxies
 
-If you're using a proxy which isn't IIS or Azure's Web Apps Application Request Routing you will need to configure your proxy
-to forward the certificate it received in an HTTP header. 
-In your application startup method, `Configure(IApplicationBuilder app)`, add the 
-following line before the call to `app.UseAuthentication();`
+If you're using a proxy which isn't IIS or Azure's Web Apps Application Request Routing you will need to configure your proxy to forward the certificate it received in an HTTP header. In your application startup method, `Configure(IApplicationBuilder app)`, add the following line before the call to `app.UseAuthentication();`:
 
 ```c#
 app.UseCertificateForwarding();
 ```
 
-You will also need to configure the Certificate Forwarding middleware to specify the header name.
-In your service configuration method, `ConfigureServices(IServiceCollection services)` add 
-the following code to configure the header the forwarding middleware will build a certificate from;
+You will also need to configure the Certificate Forwarding middleware to specify the header name. In your service configuration method, `ConfigureServices(IServiceCollection services)` add the following code to configure the header the forwarding middleware will build a certificate from:
 
 ```c#
 services.AddCertificateForwarding(options =>
@@ -215,9 +190,7 @@ services.AddCertificateForwarding(options =>
 });
 ```
 
-Finally, if your proxy is doing something weird to pass the header on, rather than base 64 encoding it 
-(looking at you nginx (╯°□°）╯︵ ┻━┻) you can override the converter option to be a func that will
-perform the optional conversion, for example 
+Finally, if your proxy is doing something weird to pass the header on, rather than base 64 encoding it (looking at you nginx (╯°□°）╯︵ ┻━┻) you can override the converter option to be a func that will perform the optional conversion, for example 
 
 ```c#
 services.AddCertificateForwarding(options =>
@@ -231,4 +204,3 @@ services.AddCertificateForwarding(options =>
     }
 });
 ```
-

src/Security/Authentication/MicrosoftAccount/src/MicrosoftChallengeProperties.cs

@@ -4,7 +4,7 @@
 namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {    
     /// <summary>
-    /// See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code for reference
+    /// See https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code for reference
     /// </summary>
     public class MicrosoftChallengeProperties : OAuthChallengeProperties
     {

src/Security/Authentication/Negotiate/test/Negotiate.FunctionalTest/CrossMachineReadMe.md

@@ -1,24 +1,24 @@
 Cross Machine Tests
 
-Kerberos can only be tested in a multi-machine environment. On localhost it always falls back to NTLM which has different requirements.  Multi-machine is also neccisary for interop testing across OSs. Kerberos also requires domain controler SPN configuration so we can't test it on arbitrary test boxes.
+Kerberos can only be tested in a multi-machine environment. On localhost it always falls back to NTLM which has different requirements.  Multi-machine is also necessary for interop testing across OSs. Kerberos also requires domain controller SPN configuration so we can't test it on arbitrary test boxes.
 
 Test structure:
 - A remote test server with various endpoints with different authentication restrictions.
-- A remote test client with endpoints that execute specific scenarios. The input for these endpoints is theory data. The output is either 200Ok, or a failure code and desciption.
+- A remote test client with endpoints that execute specific scenarios. The input for these endpoints is theory data. The output is either 200Ok, or a failure code and description.
 - The CrossMachineTest class that drives the tests. It invokes the client app with the theory data and confirms the results.
 
-We use these three components beceause it allows us to run the tests from a dev machine or CI agent that is not part of the dedicated test domain/environment.
+We use these three components because it allows us to run the tests from a dev machine or CI agent that is not part of the dedicated test domain/environment.
 
 (Static) Environment Setup:
 - Warning, this environment can take a day to set up. That's why we want a static test environment that we can re-use.
 - Create a Windows server running DNS and Active Directory. Promote it to a domain controller.
   - Create an SPN on this machine for Windows -> Windows testing. `setspn -S "http/chrross-dc.crkerberos.com" -U administrator`
   - Future: Can we replace the domain controller with an AAD instance? We'd still want a second windows machine for Windows -> Windows testing, but AAD might be easier to configure.
-    - https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started
-    - https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-join-ubuntu-linux-vm
-    - https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-enable-kcd
+    - https://docs.microsoft.com/azure/active-directory-domain-services/active-directory-ds-getting-started
+    - https://docs.microsoft.com/azure/active-directory-domain-services/active-directory-ds-join-ubuntu-linux-vm
+    - https://docs.microsoft.com/azure/active-directory-domain-services/active-directory-ds-enable-kcd
 - Create another Windows machine and join it to the test domain.
-- Create a Linux machine and joing it to the domain. Ubuntu 18.04 has been used in the past.
+- Create a Linux machine and joining it to the domain. Ubuntu 18.04 has been used in the past.
   - https://www.safesquid.com/content-filtering/integrating-linux-host-windows-ad-kerberos-sso-authentication
   - Include an HTTP SPN
 

src/Security/README.md

@@ -3,9 +3,9 @@ ASP.NET Core Security
 
 Contains the security and authorization middlewares for ASP.NET Core.
 
-A list of community projects related to authentication and security for ASP.NET Core are listed in the [documentation](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/community).
+A list of community projects related to authentication and security for ASP.NET Core are listed in the [documentation](https://docs.microsoft.com/aspnet/core/security/authentication/community).
 
-See the [ASP.NET Core security documentation](https://docs.microsoft.com/en-us/aspnet/core/security/).
+See the [ASP.NET Core security documentation](https://docs.microsoft.com/aspnet/core/security/).
 
 ### Notes
 

src/Security/samples/Identity.ExternalClaims/README.md

@@ -4,7 +4,7 @@ AuthSamples.Identity.ExternalClaims
 Sample demonstrating copying over static and dynamic external claims from Google authentication during login:
 
 Steps:
-1. Configure a google OAuth2 project. See https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?tabs=aspnetcore2x for basic setup using google logins.
+1. Configure a google OAuth2 project. See https://docs.microsoft.com/aspnet/core/security/authentication/social/google-logins for basic setup using google logins.
 2. Update Startup.cs AddGoogle()'s options with ClientId and ClientSecret for your google app.
 3. Run the app and click on the MyClaims tab, this should trigger a redirect to login.
 4. Login via the Google button, this should redirect you to google.