put all "W" to "w" in web app and web api in comments (#539)

* put all "W" to "w" in web app and web api in comments

* 2 more

ProjectTemplates/AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj

@@ -8,13 +8,13 @@
 
     <PackageType>Template</PackageType>
     <PackageId>Microsoft.Identity.Web.ProjectTemplates</PackageId>
-    <Title>ASP.NET Core Web app and Web API templates with Microsoft identity platform</Title>
+    <Title>ASP.NET Core web app and web API templates with Microsoft identity platform</Title>
     <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
     <Company>Microsoft</Company>
     <Copyright>© Microsoft Corporation. All rights reserved.</Copyright>
     <Authors>Microsoft</Authors>
     <Description>
-      Templates to use when creating a web app that signs in users or a protected Web API
+      Templates to use when creating a web app that signs in users or a protected web API
       with the Microsoft identity platform (and call downstream APIs)
     </Description>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>

src/Microsoft.Identity.Web/HttpContextExtensions.cs

@@ -21,7 +21,7 @@ internal static void StoreTokenUsedToCallWebAPI(this HttpContext httpContext, Jw
         }
 
         /// <summary>
-        /// Get the parsed information about the token used to call the Web API.
+        /// Get the parsed information about the token used to call the web API.
         /// </summary>
         /// <param name="httpContext">HTTP context associated with the current request.</param>
         /// <returns><see cref="JwtSecurityToken"/> used to call the web API.</returns>

src/Microsoft.Identity.Web/ITokenAcquisition.cs

@@ -15,7 +15,7 @@ namespace Microsoft.Identity.Web
     public interface ITokenAcquisition
     {
         /// <summary>
-        /// Typically used from an ASP.NET Core Web App or Web API controller, this method gets an access token
+        /// Typically used from an ASP.NET Core web app or web API controller, this method gets an access token
         /// for a downstream API on behalf of the user account which claims are provided in the <see cref="HttpContext.User"/>
         /// member of the controller's <see cref="HttpContext"/> parameter.
         /// </summary>
@@ -48,7 +48,7 @@ Task<string> GetAccessTokenForUserAsync(
         Task<string> GetAccessTokenForAppAsync(string scope, string? tenant = null);
 
         /// <summary>
-        /// Used in Web APIs (which therefore cannot have an interaction with the user).
+        /// Used in web APIs (which therefore cannot have an interaction with the user).
         /// Replies to the client through the HttpResponse by sending a 403 (forbidden) and populating wwwAuthenticateHeaders so that
         /// the client can trigger an interaction with the user so the user can consent to more scopes.
         /// </summary>

src/Microsoft.Identity.Web/ITokenAcquisitionInternal.cs

@@ -13,7 +13,7 @@ namespace Microsoft.Identity.Web
     internal interface ITokenAcquisitionInternal : ITokenAcquisition
     {
         /// <summary>
-        /// In a Web App, adds, to the MSAL.NET cache, the account of the user authenticating to the Web App, when the authorization code is received (after the user
+        /// In a web app, adds, to the MSAL.NET cache, the account of the user authenticating to the web app, when the authorization code is received (after the user
         /// signed-in and consented)
         /// An On-behalf-of token contained in the <see cref="AuthorizationCodeReceivedContext"/> is added to the cache, so that it can then be used to acquire another token on-behalf-of the
         /// same user in order to call to downstream APIs.
@@ -22,7 +22,7 @@ internal interface ITokenAcquisitionInternal : ITokenAcquisition
         /// <param name="scopes">Scopes to request.</param>
         /// <returns>A <see cref="Task"/> that represents a completed add to cache operation.</returns>
         /// <example>
-        /// From the configuration of the Authentication of the ASP.NET Core Web API:
+        /// From the configuration of the Authentication of the ASP.NET Core web API:
         /// <code>OpenIdConnectOptions options;</code>
         ///
         /// Subscribe to the authorization code received event:

src/Microsoft.Identity.Web/IncrementalConsentAndConditionalAccessHelper.cs

@@ -13,7 +13,7 @@ namespace Microsoft.Identity.Web
 {
     /// <summary>
     /// Helper methods to handle incremental consent and conditional access in
-    /// a Web app.
+    /// a web app.
     /// </summary>
     internal static class IncrementalConsentAndConditionalAccessHelper
     {

src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj

@@ -14,7 +14,7 @@
     <Company>Microsoft Corporation</Company>
     <Product>Microsoft Identity Web</Product>
     <Description>
-      This package enables ASP.NET Core Web apps and Web APIs to use the Microsoft identity platform (formerly Azure AD v2.0).
+      This package enables ASP.NET Core web apps and web APIs to use the Microsoft identity platform (formerly Azure AD v2.0).
       This package is specifically used for web applications, which sign-in users, and protected web APIs, which optionally call downstream web APIs.
     </Description>
     <Copyright>© Microsoft Corporation. All rights reserved.</Copyright>

src/Microsoft.Identity.Web/MicrosoftIdentityBaseAuthenticationBuilder.cs

@@ -7,7 +7,7 @@
 namespace Microsoft.Identity.Web
 {
     /// <summary>
-    /// Base class for Web app and Web API Microsoft Identity authentication
+    /// Base class for web app and web API Microsoft Identity authentication
     /// builders.
     /// </summary>
     public abstract class MicrosoftIdentityBaseAuthenticationBuilder

src/Microsoft.Identity.Web/MicrosoftIdentityOptions.cs

@@ -67,7 +67,7 @@ internal bool HasClientCredentials
         }
 
         /// <summary>
-        /// Description of the certificates used to prove the identity of the Web app or Web API.
+        /// Description of the certificates used to prove the identity of the web app or web API.
         /// For the moment only the first certificate is considered.
         /// </summary>
         /// <example> An example in the appsetting.json:
@@ -85,7 +85,7 @@ internal bool HasClientCredentials
         public IEnumerable<CertificateDescription>? ClientCertificates { get; set; }
 
         /// <summary>
-        /// Description of the certificates used to decrypt an encrypted token in a Web API.
+        /// Description of the certificates used to decrypt an encrypted token in a web API.
         /// For the moment only the first certificate is considered.
         /// </summary>
         /// <example> An example in the appsetting.json:

src/Microsoft.Identity.Web/MigrationAid/MicrosoftIdentityWebApiServiceCollectionExtensions.cs

@@ -11,7 +11,7 @@
 namespace Microsoft.Identity.Web
 {
     /// <summary>
-    /// Extension for IServiceCollection for startup initialization of Web APIs.
+    /// Extension for IServiceCollection for startup initialization of web APIs.
     /// </summary>
     public static partial class MicrosoftIdentityWebApiServiceCollectionExtensions
     {

src/Microsoft.Identity.Web/Resource/IOpenIdConnectMiddlewareDiagnostics.cs

@@ -7,7 +7,7 @@ namespace Microsoft.Identity.Web.Resource
 {
     /// <summary>
     /// Diagnostics used in the OpenID Connect middleware
-    /// (used in Web Apps).
+    /// (used in web apps).
     /// </summary>
     public interface IOpenIdConnectMiddlewareDiagnostics
     {

src/Microsoft.Identity.Web/Resource/JwtBearerMiddlewareDiagnostics.cs

@@ -10,7 +10,7 @@
 namespace Microsoft.Identity.Web.Resource
 {
     /// <summary>
-    /// Diagnostics for the JwtBearer middleware (used in Web APIs).
+    /// Diagnostics for the JwtBearer middleware (used in web APIs).
     /// </summary>
     public class JwtBearerMiddlewareDiagnostics : IJwtBearerMiddlewareDiagnostics
     {

src/Microsoft.Identity.Web/Resource/OpenIdConnectMiddlewareDiagnostics.cs

@@ -12,7 +12,7 @@ namespace Microsoft.Identity.Web.Resource
 {
     /// <summary>
     /// Diagnostics used in the OpenID Connect middleware
-    /// (used in Web Apps).
+    /// (used in web apps).
     /// </summary>
     public class OpenIdConnectMiddlewareDiagnostics : IOpenIdConnectMiddlewareDiagnostics
     {

src/Microsoft.Identity.Web/Resource/RegisterValidAudience.cs

@@ -34,18 +34,18 @@ public void RegisterAudienceValidation(
 
         /// <summary>
         /// Default validation of the audience:
-        /// - when registering an Azure AD Web API in the app registration portal (and adding a scope)
+        /// - when registering an Azure AD web API in the app registration portal (and adding a scope)
         ///   the default App ID URI generated by the portal is api://{clientID}
-        /// - However, the audience (aud) of the token acquired to access this Web API is different depending
-        ///   on the "accepted access token version" for the Web API:
+        /// - However, the audience (aud) of the token acquired to access this web API is different depending
+        ///   on the "accepted access token version" for the web API:
         ///   - if accepted token version is 1.0, the audience provided in the token
         ///     by the Microsoft identity platform (formerly Azure AD v2.0) endpoint is: api://{ClientID}
         ///   - if the accepted token version is 2.0, the audience provided by Azure AD v2.0 in the token
         ///     is {CliendID}
-        ///  When getting an access token for an Azure AD B2C Web API the audience in the token is
+        ///  When getting an access token for an Azure AD B2C web API the audience in the token is
         ///  api://{ClientID}.
         ///
-        /// When Web API developers don't provide the "Audience" in the configuration, Microsoft.Identity.Web
+        /// When web API developers don't provide the "Audience" in the configuration, Microsoft.Identity.Web
         /// considers that this is the default App ID URI as explained above. When developer provides the
         /// "Audience" member, it's available in the TokenValidationParameter.ValidAudience.
         /// </summary>

src/Microsoft.Identity.Web/Resource/RolesRequiredHttpContextExtensions.cs

@@ -14,7 +14,7 @@ namespace Microsoft.Identity.Web.Resource
 {
     /// <summary>
     /// Extension class providing the extension methods for <see cref="HttpContent"/> that
-    /// can be used in Web APIs to validate the roles in controller actions.
+    /// can be used in web APIs to validate the roles in controller actions.
     /// </summary>
     public static class RolesRequiredHttpContextExtensions
     {

src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs

@@ -13,7 +13,7 @@ namespace Microsoft.Identity.Web.Resource
 {
     /// <summary>
     /// Extension class providing the extension methods for <see cref="HttpContent"/> that
-    /// can be used in Web APIs to validate scopes in controller actions.
+    /// can be used in web APIs to validate scopes in controller actions.
     /// </summary>
     public static class ScopesRequiredHttpContextExtensions
     {

src/Microsoft.Identity.Web/ServiceCollectionExtensions.cs

@@ -8,7 +8,7 @@
 namespace Microsoft.Identity.Web
 {
     /// <summary>
-    /// Extensions for IServiceCollection for startup initialization of Web APIs.
+    /// Extensions for IServiceCollection for startup initialization of web APIs.
     /// </summary>
     public static class ServiceCollectionExtensions
     {

src/Microsoft.Identity.Web/TokenAcquisition.cs

@@ -103,7 +103,7 @@ public TokenAcquisition(
         /// <param name="context">The context used when an 'AuthorizationCode' is received over the OpenIdConnect protocol.</param>
         /// <param name="scopes">scopes to request access to.</param>
         /// <example>
-        /// From the configuration of the Authentication of the ASP.NET Core Web API:
+        /// From the configuration of the Authentication of the ASP.NET Core web API:
         /// <code>OpenIdConnectOptions options;</code>
         ///
         /// Subscribe to the authorization code received event:
@@ -171,20 +171,20 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsync(
         }
 
         /// <summary>
-        /// Typically used from a Web App or WebAPI controller, this method retrieves an access token
+        /// Typically used from a web app or web API controller, this method retrieves an access token
         /// for a downstream API using;
-        /// 1) the token cache (for Web Apps and Web APIs) if a token exists in the cache
+        /// 1) the token cache (for web apps and web APIs) if a token exists in the cache
         /// 2) or the <a href='https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow'>on-behalf-of flow</a>
-        /// in Web APIs, for the user account that is ascertained from claims are provided in the <see cref="HttpContext.User"/>
+        /// in web APIs, for the user account that is ascertained from claims are provided in the <see cref="HttpContext.User"/>
         /// instance of the current HttpContext.
         /// </summary>
         /// <param name="scopes">Scopes to request for the downstream API to call.</param>
         /// <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
         /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
         /// <returns>An access token to call the downstream API and populated with this downstream API's scopes.</returns>
-        /// <remarks>Calling this method from a Web API supposes that you have previously called,
+        /// <remarks>Calling this method from a web API supposes that you have previously called,
         /// in a method called by JwtBearerOptions.Events.OnTokenValidated, the HttpContextExtensions.StoreTokenUsedToCallWebAPI method
-        /// passing the validated token (as a JwtSecurityToken). Calling it from a Web App supposes that
+        /// passing the validated token (as a JwtSecurityToken). Calling it from a web app supposes that
         /// you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by
         /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived.</remarks>
         [Obsolete("This method has been deprecated, please use the GetAccessTokenForUserAsync() method instead.")]
@@ -196,24 +196,24 @@ public async Task<string> GetAccessTokenOnBehalfOfUserAsync(
         }
 
         /// <summary>
-        /// Typically used from a Web App or WebAPI controller, this method retrieves an access token
+        /// Typically used from a web app or web API controller, this method retrieves an access token
         /// for a downstream API using;
-        /// 1) the token cache (for Web Apps and Web APis) if a token exists in the cache
+        /// 1) the token cache (for web apps and web APis) if a token exists in the cache
         /// 2) or the <a href='https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow'>on-behalf-of flow</a>
-        /// in Web APIs, for the user account that is ascertained from claims are provided in the <see cref="HttpContext.User"/>
+        /// in web APIs, for the user account that is ascertained from claims are provided in the <see cref="HttpContext.User"/>
         /// instance of the current HttpContext.
         /// </summary>
         /// <param name="scopes">Scopes to request for the downstream API to call.</param>
         /// <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
         /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
         /// <param name="userFlow">Azure AD B2C user flow to target.</param>
         /// <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
-        /// user (in a web app), or the user for which the token was received (in a Web API)
+        /// user (in a web app), or the user for which the token was received (in a web API)
         /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
         /// <returns>An access token to call the downstream API and populated with this downstream API's scopes.</returns>
         /// <remarks>Calling this method from a web API supposes that you have previously called,
         /// in a method called by JwtBearerOptions.Events.OnTokenValidated, the HttpContextExtensions.StoreTokenUsedToCallWebAPI method
-        /// passing the validated token (as a JwtSecurityToken). Calling it from a Web App supposes that
+        /// passing the validated token (as a JwtSecurityToken). Calling it from a web app supposes that
         /// you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by
         /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived.</remarks>
         public async Task<string> GetAccessTokenForUserAsync(
@@ -257,10 +257,10 @@ public async Task<string> GetAccessTokenForUserAsync(
             }
             catch (MsalUiRequiredException ex)
             {
-                // GetAccessTokenForUserAsync is an abstraction that can be called from a Web App or a Web API
+                // GetAccessTokenForUserAsync is an abstraction that can be called from a web app or a web API
                 _logger.LogInformation(ex.Message);
 
-                // Case of the Web App: we let the MsalUiRequiredException be caught by the
+                // Case of the web app: we let the MsalUiRequiredException be caught by the
                 // AuthorizeForScopesAttribute exception filter so that the user can consent, do 2FA, etc ...
                 throw new MicrosoftIdentityWebChallengeUserException(ex, scopes.ToArray(), userFlow);
             }

src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs

@@ -100,7 +100,7 @@ public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddM
         }
 
         /// <summary>
-        /// Protects the Web API with Microsoft identity platform (formerly Azure AD v2.0).
+        /// Protects the web API with Microsoft identity platform (formerly Azure AD v2.0).
         /// </summary>
         /// <param name="builder">The <see cref="AuthenticationBuilder"/> to which to add this configuration.</param>
         /// <param name="configureJwtBearerOptions">The action to configure <see cref="JwtBearerOptions"/>.</param>
@@ -176,7 +176,7 @@ private static void AddMicrosoftIdentityWebApiImplementation(
                         options.Authority = AuthorityHelpers.BuildAuthority(microsoftIdentityOptions);
                     }
 
-                    // This is a Microsoft identity platform Web API
+                    // This is a Microsoft identity platform web API
                     options.Authority = AuthorityHelpers.EnsureAuthorityIsV2(options.Authority);
 
                     options.TokenValidationParameters = options.TokenValidationParameters.Clone();
@@ -211,12 +211,12 @@ private static void AddMicrosoftIdentityWebApiImplementation(
                         options.Events = new JwtBearerEvents();
                     }
 
-                    // When an access token for our own Web API is validated, we add it to MSAL.NET's cache so that it can
+                    // When an access token for our own web API is validated, we add it to MSAL.NET's cache so that it can
                     // be used from the controllers.
                     var tokenValidatedHandler = options.Events.OnTokenValidated;
                     options.Events.OnTokenValidated = async context =>
                     {
-                        // This check is required to ensure that the Web API only accepts tokens from tenants where it has been consented and provisioned.
+                        // This check is required to ensure that the web API only accepts tokens from tenants where it has been consented and provisioned.
                         if (!context.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope)
                         && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Scp)
                         && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Roles)
@@ -270,7 +270,7 @@ public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddM
         }
 
         /// <summary>
-        /// Protects the Web API with Microsoft identity platform (formerly Azure AD v2.0).
+        /// Protects the web API with Microsoft identity platform (formerly Azure AD v2.0).
         /// </summary>
         /// <param name="builder">The <see cref="AuthenticationBuilder"/> to which to add this configuration.</param>
         /// <param name="configureJwtBearerOptions">The action to configure <see cref="JwtBearerOptions"/>.</param>

src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs

@@ -9,7 +9,7 @@
 namespace Microsoft.Identity.Web
 {
     /// <summary>
-    /// Builder for Web API authentication with configuration.
+    /// Builder for web API authentication with configuration.
     /// </summary>
     public class MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration : MicrosoftIdentityWebApiAuthenticationBuilder
     {