Sensitive terms with GUIDs in Blazor node (#33885)

dotnet · Oct 21, 2024 · ca00852 · ca00852
1 parent 092b283
commit ca00852
Show file tree

Hide file tree

Showing 9 changed files with 20 additions and 22 deletions.
diff --git a/aspnetcore/blazor/fundamentals/routing.md b/aspnetcore/blazor/fundamentals/routing.md
@@ -372,7 +372,7 @@ Constraint | Example | Example Matches | Invariant<br>culture<br>matching
 `decimal` | `{price:decimal}` | `49.99`, `-1,000.01` | Yes
 `double` | `{weight:double}` | `1.234`, `-1,001.01e8` | Yes
 `float` | `{weight:float}` | `1.234`, `-1,001.01e8` | Yes
-`guid` | `{id:guid}` | `CD2C1638-1638-72D5-1638-DEADBEEF1638`, `{CD2C1638-1638-72D5-1638-DEADBEEF1638}` | No
+`guid` | `{id:guid}` | `00001111-aaaa-2222-bbbb-3333cccc4444`, `{00001111-aaaa-2222-bbbb-3333cccc4444}` | No
 `int` | `{id:int}` | `123456789`, `-123456789` | Yes
 `long` | `{ticks:long}` | `123456789`, `-123456789` | Yes
 `nonfile` | `{parameter:nonfile}` | Not `BlazorSample.styles.css`, not `favicon.ico` | Yes

diff --git a/aspnetcore/blazor/security/blazor-web-app-with-oidc.md b/aspnetcore/blazor/security/blazor-web-app-with-oidc.md
@@ -116,7 +116,7 @@ The following <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConn
   * Client Id (`{CLIENT ID}`): `00001111-aaaa-2222-bbbb-3333cccc4444`
 
   ```csharp
-  oidcOptions.Authority = "https://login.microsoftonline.com/a3942615-d115-4eb7-bc84-9974abcf5064/v2.0/";
+  oidcOptions.Authority = "https://login.microsoftonline.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0/";
   oidcOptions.ClientId = "00001111-aaaa-2222-bbbb-3333cccc4444";
   ```
 
@@ -363,7 +363,7 @@ The following <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConn
   * Scope configured for weather data from `MinimalApiJwt` (`{API NAME}`): `Weather.Get`
 
   ```csharp
-  oidcOptions.Scope.Add("https://contoso.onmicrosoft.com/4ba4de56-9cef-45d9-83fa-a4c18f9f5f0f/Weather.Get");
+  oidcOptions.Scope.Add("https://contoso.onmicrosoft.com/00001111-aaaa-2222-bbbb-3333cccc4444/Weather.Get");
   ```
 
   The preceding example pertains to an app registered in a tenant with an AAD B2C tenant type. If the app is registered in an ME-ID tenant, the App ID URI is different, thus the scope is different.
@@ -390,7 +390,7 @@ The following <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConn
   * Client Id (`{CLIENT ID}`): `00001111-aaaa-2222-bbbb-3333cccc4444`
 
   ```csharp
-  oidcOptions.Authority = "https://login.microsoftonline.com/a3942615-d115-4eb7-bc84-9974abcf5064/v2.0/";
+  oidcOptions.Authority = "https://login.microsoftonline.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0/";
   oidcOptions.ClientId = "00001111-aaaa-2222-bbbb-3333cccc4444";
   ```
 
@@ -560,13 +560,13 @@ Configure the project in the <xref:Microsoft.AspNetCore.Authentication.JwtBearer
   Authority (`{AUTHORITY}`): `https://login.microsoftonline.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0/` (uses Tenant ID `aaaabbbb-0000-cccc-1111-dddd2222eeee`)
 
   ```csharp
-  jwtOptions.Authority = "https://login.microsoftonline.com/a3942615-d115-4eb7-bc84-9974abcf5064/v2.0/";
+  jwtOptions.Authority = "https://login.microsoftonline.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0/";
   ```
 
   The preceding example pertains to an app registered in a tenant with an AAD B2C tenant type. If the app is registered in an ME-ID tenant, the authority should match the issurer (`iss`) of the JWT returned by the identity provider:
 
   ```csharp
-  jwtOptions.Authority = "https://sts.windows.net/a3942615-d115-4eb7-bc84-9974abcf5064/";
+  jwtOptions.Authority = "https://sts.windows.net/aaaabbbb-0000-cccc-1111-dddd2222eeee/";
   ```
 
 ### Minimal API for weather data

diff --git a/aspnetcore/blazor/security/includes/authorize-client-app.md b/aspnetcore/blazor/security/includes/authorize-client-app.md
@@ -2,4 +2,4 @@
 > If you don't have the authority to grant admin consent to the tenant in the last step of **API permissions** configuration because consent to use the app is delegated to users, then you must take the following additional steps:
 >
 > * The app must use a [trusted publisher domain](/entra/identity-platform/howto-configure-publisher-domain).
-> * In the **`Server`** app's configuration in the Azure portal, select **Expose an API**. Under **Authorized client applications**, select the button to **Add a client application**. Add the **`Client`** app's Application (client) ID (for example, `4369008b-21fa-427c-abaa-9b53bf58e538`).
+> * In the **`Server`** app's configuration in the Azure portal, select **Expose an API**. Under **Authorized client applications**, select the button to **Add a client application**. Add the **`Client`** app's Application (client) ID (for example, `11112222-bbbb-3333-cccc-4444dddd5555`).
diff --git a/aspnetcore/blazor/security/includes/troubleshoot-wasm.md b/aspnetcore/blazor/security/includes/troubleshoot-wasm.md
@@ -210,10 +210,10 @@ Example JWT decoded by the tool for an app that authenticates against Azure AAD
   "exp": 1610059429,
   "nbf": 1610055829,
   "ver": "1.0",
-  "iss": "https://mysiteb2c.b2clogin.com/5cc15ea8-a296-4aa3-97e4-226dcc9ad298/v2.0/",
+  "iss": "https://mysiteb2c.b2clogin.com/11112222-bbbb-3333-cccc-4444dddd5555/v2.0/",
   "sub": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
   "aud": "00001111-aaaa-2222-bbbb-3333cccc4444",
-  "nonce": "b2641f54-8dc4-42ca-97ea-7f12ff4af871",
+  "nonce": "bbbb0000-cccc-1111-dddd-2222eeee3333",
   "iat": 1610055829,
   "auth_time": 1610055822,
   "idp": "idp.com",

diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md
@@ -137,7 +137,7 @@ The output location specified with the `-o|--output` option creates a project fo
 
 *The guidance in this section covers optionally populating `User.Identity.Name` with the value from the `name` claim.*
 
-The **:::no-loc text="Server":::** app API populates `User.Identity.Name` with the value from the `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` claim type (for example, `2d64b3da-d9d5-42c6-9352-53d8df33d770@contoso.onmicrosoft.com`).
+The **:::no-loc text="Server":::** app API populates `User.Identity.Name` with the value from the `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` claim type (for example, `aaaabbbb-0000-cccc-1111-dddd2222eeee@contoso.onmicrosoft.com`).
 
 To configure the app to receive the value from the `name` claim type:
 
@@ -358,7 +358,7 @@ Example default access token scope:
 
 ```csharp
 options.ProviderOptions.DefaultAccessTokenScopes.Add(
-    "https://contoso.onmicrosoft.com/41451fa7-82d9-4673-8fa5-69eff5a761fd/API.Access");
+    "https://contoso.onmicrosoft.com/00001111-aaaa-2222-bbbb-3333cccc4444/API.Access");
 ```
 
 For more information, see the following sections of the *Additional scenarios* article:

diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md
@@ -141,7 +141,7 @@ The output location specified with the `-o|--output` option creates a project fo
 
 *The guidance in this section covers optionally populating `User.Identity.Name` with the value from the `name` claim.*
 
-The **:::no-loc text="Server":::** app API populates `User.Identity.Name` with the value from the `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` claim type (for example, `2d64b3da-d9d5-42c6-9352-53d8df33d770@contoso.onmicrosoft.com`).
+The **:::no-loc text="Server":::** app API populates `User.Identity.Name` with the value from the `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` claim type (for example, `bbbb0000-cccc-1111-dddd-2222eeee3333@contoso.onmicrosoft.com`).
 
 To configure the app to receive the value from the `name` claim type:
 
@@ -464,7 +464,7 @@ Instead of the App ID URI matching the format `api://{SERVER API APP CLIENT ID O
 
   ```csharp
   options.ProviderOptions.DefaultAccessTokenScopes
-      .Add("https://contoso.onmicrosoft.com/41451fa7-82d9-4673-8fa5-69eff5a761fd/API.Access");
+      .Add("https://contoso.onmicrosoft.com/00001111-aaaa-2222-bbbb-3333cccc4444/API.Access");
   ```
 
   In the preceding scope, the App ID URI/audience is the `https://contoso.onmicrosoft.com/00001111-aaaa-2222-bbbb-3333cccc4444` portion of the value, which doesn't include a trailing slash (`/`) and doesn't include the scope name (`API.Access`).

diff --git a/...e/blazor/security/webassembly/microsoft-entra-id-groups-and-roles-net-5-to-7.md b/...e/blazor/security/webassembly/microsoft-entra-id-groups-and-roles-net-5-to-7.md
@@ -542,7 +542,7 @@ When working with the default directory, follow the guidance in [Add app roles t
     ],
     "description": "Administrators manage developers.",
     "displayName": "Admin",
-    "id": "584e483a-7101-404b-9bb1-83bf9463e335",
+    "id": "{ADMIN GUID}",
     "isEnabled": true,
     "lang": null,
     "origin": "Application",
@@ -554,7 +554,7 @@ When working with the default directory, follow the guidance in [Add app roles t
     ],
     "description": "Developers write code.",
     "displayName": "Developer",
-    "id": "82770d35-2a93-4182-b3f5-3d7bfe9dfe46",
+    "id": "{DEVELOPER GUID}",
     "isEnabled": true,
     "lang": null,
     "origin": "Application",
@@ -563,8 +563,7 @@ When working with the default directory, follow the guidance in [Add app roles t
 ],
 ```
 
-> [!NOTE]
-> You can generate GUIDs with an [online GUID generator program (Google search result for "guid generator")](https://www.google.com/search?q=guid+generator). 
+For the `{ADMIN GUID}` and `{DEVELOPER GUID}` placeholders in the preceding example, you can generate GUIDs with an [online GUID generator (Google search result for "guid generator")](https://www.google.com/search?q=guid+generator).
 
 To assign a role to a user (or group if you have a Premium tier Azure account):
 

diff --git a/aspnetcore/blazor/security/webassembly/microsoft-entra-id-groups-and-roles.md b/aspnetcore/blazor/security/webassembly/microsoft-entra-id-groups-and-roles.md
@@ -282,7 +282,7 @@ Take either of the following approaches add app roles in ME-ID:
       ],
       "description": "Administrators manage developers.",
       "displayName": "Admin",
-      "id": "584e483a-7101-404b-9bb1-83bf9463e335",
+      "id": "{ADMIN GUID}",
       "isEnabled": true,
       "lang": null,
       "origin": "Application",
@@ -294,7 +294,7 @@ Take either of the following approaches add app roles in ME-ID:
       ],
       "description": "Developers write code.",
       "displayName": "Developer",
-      "id": "82770d35-2a93-4182-b3f5-3d7bfe9dfe46",
+      "id": "{DEVELOPER GUID}",
       "isEnabled": true,
       "lang": null,
       "origin": "Application",
@@ -303,8 +303,7 @@ Take either of the following approaches add app roles in ME-ID:
   ],
   ```
 
-  > [!NOTE]
-  > You can generate GUIDs with an [online GUID generator program (Google search result for "guid generator")](https://www.google.com/search?q=guid+generator). 
+  For the `{ADMIN GUID}` and `{DEVELOPER GUID}` placeholders in the preceding example, you can generate GUIDs with an [online GUID generator (Google search result for "guid generator")](https://www.google.com/search?q=guid+generator). 
 
 To assign a role to a user (or group if you have a Premium tier Azure account):
 

diff --git a/aspnetcore/blazor/tutorials/movie-database-app/part-4.md b/aspnetcore/blazor/tutorials/movie-database-app/part-4.md
@@ -95,7 +95,7 @@ For local development, configuration obtains the database connection string from
 
 The following is an example connection string:
 
-> :::no-loc text="Server=(localdb)\\mssqllocaldb;Database=BlazorWebAppMoviesContext-c347f669-bddf-56a3-a32e-7fe010306593;Trusted_Connection=True;MultipleActiveResultSets=true":::
+> :::no-loc text="Server=(localdb)\\mssqllocaldb;Database=BlazorWebAppMoviesContext-00001111-aaaa-2222-bbbb-3333cccc4444;Trusted_Connection=True;MultipleActiveResultSets=true":::
 
 When the app is deployed to a test/staging or production server, securely store the connection string outside of the project's configuration files.