Merge pull request #17911 from dotnet/master

Author: guardrex

aspnetcore/blazor/call-web-api.md

@@ -5,7 +5,7 @@ description: Learn how to call a web API from a Blazor WebAssembly app using JSO
 monikerRange: '>= aspnetcore-3.1'
 ms.author: riande
 ms.custom: mvc
-ms.date: 04/16/2020
+ms.date: 04/19/2020
 no-loc: [Blazor, SignalR]
 uid: blazor/call-web-api
 ---
@@ -112,7 +112,11 @@ JSON helper methods send requests to a URI (a web API in the following examples)
   }
   ```
 
-  Calls to `PostAsJsonAsync` return an <xref:System.Net.Http.HttpResponseMessage>.
+  Calls to `PostAsJsonAsync` return an <xref:System.Net.Http.HttpResponseMessage>. To deserialize the JSON content from the response message, use the `ReadFromJsonAsync<T>` extension method:
+  
+  ```csharp
+  var content = response.content.ReadFromJsonAsync<WeatherForecast>();
+  ```
 
 * `PutAsJsonAsync` &ndash; Sends an HTTP PUT request, including JSON-encoded content.
 
@@ -141,7 +145,11 @@ JSON helper methods send requests to a URI (a web API in the following examples)
   }
   ```
 
-  Calls to `PutAsJsonAsync` return an <xref:System.Net.Http.HttpResponseMessage>.
+  Calls to `PutAsJsonAsync` return an <xref:System.Net.Http.HttpResponseMessage>. To deserialize the JSON content from the response message, use the `ReadFromJsonAsync<T>` extension method:
+  
+  ```csharp
+  var content = response.content.ReadFromJsonAsync<WeatherForecast>();
+  ```
 
 <xref:System.Net.Http> includes additional extension methods for sending HTTP requests and receiving HTTP responses. [HttpClient.DeleteAsync](xref:System.Net.Http.HttpClient.DeleteAsync*) is used to send an HTTP DELETE request to a web API.
 

aspnetcore/blazor/templates.md

@@ -5,7 +5,7 @@ description: Learn about ASP.NET Core Blazor app templates and Blazor project st
 monikerRange: '>= aspnetcore-3.1'
 ms.author: riande
 ms.custom: mvc
-ms.date: 03/26/2020
+ms.date: 04/19/2020
 no-loc: [Blazor, SignalR]
 uid: blazor/templates
 ---
@@ -24,6 +24,13 @@ For more information on Blazor's hosting models, see <xref:blazor/hosting-models
 
 For step-by-step instructions on creating a Blazor app from a template, see <xref:blazor/get-started>.
 
+Template options are available by passing the `--help` option to the [dotnet new](/dotnet/core/tools/dotnet-new) CLI command:
+
+```dotnetcli
+dotnet new blazorwasm --help
+dotnet new blazorserver --help
+```
+
 ## Blazor project structure
 
 The following files and folders make up a Blazor app generated from a Blazor template:

aspnetcore/data/ef-rp/intro.md

@@ -154,7 +154,7 @@ A student can enroll in any number of courses, and a course can have any number
 
   [!code-csharp[Main](intro/samples/cu30snapshots/1-intro/Models/Student.cs)]
 
-The `ID` property becomes the primary key column of the database table that corresponds to this class. By default, EF Core interprets a property that's named `ID` or `classnameID` as the primary key. So the alternative automatically recognized name for the `Student` class primary key is `StudentID`.
+The `ID` property becomes the primary key column of the database table that corresponds to this class. By default, EF Core interprets a property that's named `ID` or `classnameID` as the primary key. So the alternative automatically recognized name for the `Student` class primary key is `StudentID`. For more information, see [EF Core - Keys](/ef/core/modeling/keys?tabs=data-annotations).
 
 The `Enrollments` property is a [navigation property](/ef/core/modeling/relationships). Navigation properties hold other entities that are related to this entity. In this case, the `Enrollments` property of a `Student` entity holds all of the `Enrollment` entities that are related to that Student. For example, if a Student row in the database has two related Enrollment rows, the `Enrollments` navigation property contains those two Enrollment entities. 
 

aspnetcore/fundamentals/dependency-injection.md

@@ -190,7 +190,7 @@ Transient lifetime services (<xref:Microsoft.Extensions.DependencyInjection.Serv
 Scoped lifetime services (<xref:Microsoft.Extensions.DependencyInjection.ServiceCollectionServiceExtensions.AddScoped*>) are created once per client request (connection).
 
 > [!WARNING]
-> When using a scoped service in a middleware, inject the service into the `Invoke` or `InvokeAsync` method. Don't inject via constructor injection because it forces the service to behave like a singleton. For more information, see <xref:fundamentals/middleware/write#per-request-middleware-dependencies>.
+> When using a scoped service in a middleware, inject the service into the `Invoke` or `InvokeAsync` method. Don't inject via [constructor injection](xref:mvc/controllers/dependency-injection#constructor-injection) because it forces the service to behave like a singleton. For more information, see <xref:fundamentals/middleware/write#per-request-middleware-dependencies>.
 
 ### Singleton
 
@@ -255,9 +255,9 @@ Services can be resolved by two mechanisms:
 
 Constructors can accept arguments that aren't provided by dependency injection, but the arguments must assign default values.
 
-When services are resolved by `IServiceProvider` or `ActivatorUtilities`, constructor injection requires a *public* constructor.
+When services are resolved by `IServiceProvider` or `ActivatorUtilities`, [constructor injection](xref:mvc/controllers/dependency-injection#constructor-injection) requires a *public* constructor.
 
-When services are resolved by `ActivatorUtilities`, constructor injection requires that only one applicable constructor exists. Constructor overloads are supported, but only one overload can exist whose arguments can all be fulfilled by dependency injection.
+When services are resolved by `ActivatorUtilities`, [constructor injection](xref:mvc/controllers/dependency-injection#constructor-injection) requires that only one applicable constructor exists. Constructor overloads are supported, but only one overload can exist whose arguments can all be fulfilled by dependency injection.
 
 ## Entity Framework contexts
 
@@ -727,7 +727,7 @@ Transient lifetime services (<xref:Microsoft.Extensions.DependencyInjection.Serv
 Scoped lifetime services (<xref:Microsoft.Extensions.DependencyInjection.ServiceCollectionServiceExtensions.AddScoped*>) are created once per client request (connection).
 
 > [!WARNING]
-> When using a scoped service in a middleware, inject the service into the `Invoke` or `InvokeAsync` method. Don't inject via constructor injection because it forces the service to behave like a singleton. For more information, see <xref:fundamentals/middleware/write#per-request-middleware-dependencies>.
+> When using a scoped service in a middleware, inject the service into the `Invoke` or `InvokeAsync` method. Don't inject via [constructor injection](xref:mvc/controllers/dependency-injection#constructor-injection) because it forces the service to behave like a singleton. For more information, see <xref:fundamentals/middleware/write#per-request-middleware-dependencies>.
 
 ### Singleton
 
@@ -792,9 +792,9 @@ Services can be resolved by two mechanisms:
 
 Constructors can accept arguments that aren't provided by dependency injection, but the arguments must assign default values.
 
-When services are resolved by `IServiceProvider` or `ActivatorUtilities`, constructor injection requires a *public* constructor.
+When services are resolved by `IServiceProvider` or `ActivatorUtilities`, [constructor injection](xref:mvc/controllers/dependency-injection#constructor-injection) requires a *public* constructor.
 
-When services are resolved by `ActivatorUtilities`, constructor injection requires that only one applicable constructor exists. Constructor overloads are supported, but only one overload can exist whose arguments can all be fulfilled by dependency injection.
+When services are resolved by `ActivatorUtilities`, [constructor injection](xref:mvc/controllers/dependency-injection#constructor-injection) requires that only one applicable constructor exists. Constructor overloads are supported, but only one overload can exist whose arguments can all be fulfilled by dependency injection.
 
 ## Entity Framework contexts
 

aspnetcore/includes/RP/model1b.md

@@ -6,7 +6,7 @@ Add the following properties to the `Movie` class:
 The `Movie` class contains:
 
 * The `ID` field is required by the database for the primary key.
-* `[DataType(DataType.Date)]`:  The [DataType](/dotnet/api/microsoft.aspnetcore.mvc.dataannotations.internal.datatypeattributeadapter) attribute specifies the type of the data (Date). With this attribute:
+* `[DataType(DataType.Date)]`:  The [DataType](xref:System.ComponentModel.DataAnnotations.DataTypeAttribute) attribute specifies the type of the data (Date). With this attribute:
 
   * The user is not required to enter time information in the date field.
   * Only the date is displayed, not time information.

aspnetcore/includes/blazor-security/fetchdata-component.md

@@ -38,7 +38,7 @@ If the request failed because the token couldn't be provisioned without user int
         {
             httpClient.DefaultRequestHeaders.Add("Authorization", 
                 $"Bearer {token.Value}");
-            forecasts = await httpClient.GetJsonAsync<WeatherForecast[]>(
+            forecasts = await httpClient.GetFromJsonAsync<WeatherForecast[]>(
                 "WeatherForecast");
         }
         else

aspnetcore/includes/blazor-security/imports-hosted.razor

@@ -1,4 +1,5 @@
 @using System.Net.Http
+@using System.Net.Http.Json
 @using Microsoft.AspNetCore.Components.Authorization
 @using Microsoft.AspNetCore.Components.Forms
 @using Microsoft.AspNetCore.Components.Routing

aspnetcore/includes/blazor-security/imports-standalone.razor

@@ -1,4 +1,5 @@
 @using System.Net.Http
+@using System.Net.Http.Json
 @using Microsoft.AspNetCore.Components.Authorization
 @using Microsoft.AspNetCore.Components.Forms
 @using Microsoft.AspNetCore.Components.Routing

aspnetcore/mvc/models/file-uploads.md

@@ -5,7 +5,7 @@ description: How to use model binding and streaming to upload files in ASP.NET C
 monikerRange: '>= aspnetcore-2.1'
 ms.author: riande
 ms.custom: mvc
-ms.date: 02/25/2020
+ms.date: 04/18/2020
 uid: mvc/models/file-uploads
 ---
 # Upload files in ASP.NET Core
@@ -49,7 +49,7 @@ Security steps that reduce the likelihood of a successful attack are:
 >
 > For information on reducing the attack surface area when accepting files from users, see the following resources:
 >
-> * [Unrestricted File Upload](https://www.owasp.org/index.php/Unrestricted_File_Upload)
+> * [Unrestricted File Upload](https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload)
 > * [Azure Security: Ensure appropriate controls are in place when accepting files from users](/azure/security/azure-security-threat-modeling-tool-input-validation#controls-users)
 
 For more information on implementing security measures, including examples from the sample app, see the [Validation](#validation) section.
@@ -778,7 +778,7 @@ Security steps that reduce the likelihood of a successful attack are:
 >
 > For information on reducing the attack surface area when accepting files from users, see the following resources:
 >
-> * [Unrestricted File Upload](https://www.owasp.org/index.php/Unrestricted_File_Upload)
+> * [Unrestricted File Upload](https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload)
 > * [Azure Security: Ensure appropriate controls are in place when accepting files from users](/azure/security/azure-security-threat-modeling-tool-input-validation#controls-users)
 
 For more information on implementing security measures, including examples from the sample app, see the [Validation](#validation) section.
@@ -1466,6 +1466,6 @@ The examples in this topic rely upon <xref:System.IO.MemoryStream> to hold the u
 
 ## Additional resources
 
-* [Unrestricted File Upload](https://www.owasp.org/index.php/Unrestricted_File_Upload)
+* [Unrestricted File Upload](https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload)
 * [Azure Security: Security Frame: Input Validation | Mitigations](/azure/security/azure-security-threat-modeling-tool-input-validation)
 * [Azure Cloud Design Patterns: Valet Key pattern](/azure/architecture/patterns/valet-key)

aspnetcore/security/blazor/webassembly/additional-scenarios.md

@@ -5,7 +5,7 @@ description:
 monikerRange: '>= aspnetcore-3.1'
 ms.author: riande
 ms.custom: mvc
-ms.date: 03/30/2020
+ms.date: 04/19/2020
 no-loc: [Blazor, SignalR]
 uid: security/blazor/webassembly/additional-scenarios
 ---
@@ -134,7 +134,7 @@ The following example shows how to:
         {
             httpClient.DefaultRequestHeaders.Add("Authorization", 
                 $"Bearer {token.Value}");
-            await httpClient.PostJsonAsync("Save", User);
+            await httpClient.PostAsJsonAsync("Save", User);
         }
         else
         {