4 changes: 2 additions & 2 deletions ReadMe.md
Expand Up @@ -4,7 +4,7 @@ ASP.NET Core Authentication and Authorization Sample
Overview
--------

This sample demonstrates a simple authentication and authorization scenario in ASP.NET Core using JWT bearer tokens. The code is the same as descrbied in the blog posts [ASP.NET Core Authentication with IdentityServer4](https://blogs.msdn.microsoft.com/webdev/2017/01/23/asp-net-core-authentication-with-identityserver4/) and [JWT Validation and Authorization in ASP.NET Core](https://blogs.msdn.microsoft.com/webdev/2017/04/06/jwt-validation-and-authorization-in-asp-net-core/).
This sample demonstrates a simple authentication and authorization scenario in ASP.NET Core using JWT bearer tokens. The code is the same as described in the blog posts [ASP.NET Core Authentication with IdentityServer4](https://blogs.msdn.microsoft.com/webdev/2017/01/23/asp-net-core-authentication-with-identityserver4/) and [JWT Validation and Authorization in ASP.NET Core](https://blogs.msdn.microsoft.com/webdev/2017/04/06/jwt-validation-and-authorization-in-asp-net-core/).

The IdentityServer4Authentication project contains a simple MVC app that allows users to register or login (using ASP.NET Core Identity). It then uses [IdentityServer4](http://docs.identityserver.io/en/release/) to set up a JWT-based authentication service using a basic [OAuth2.0 resource-owner password flow](https://tools.ietf.org/html/rfc6749#section-1.3.3).

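Review bot: the only change in this hunk is the spelling fix "descrbied" to "described", which is correct. While touching the Overview, the unchanged sentence that describes the sample as using the OAuth2.0 resource-owner password flow deserves a one-line caveat: that grant hands the user's password to the client, so it is only appropriate for first-party clients the token service already trusts, and the README currently presents it without any qualification.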
Expand Down Expand Up @@ -65,4 +65,4 @@ Authorization
The IdentityServer4Authentication service does not perform any authorization as its only functions are to register users and provide login and token-issuing mechanisms. The WebClient service, though, makes use of ASP.NET Core authorization in a few diffferent ways:

1. Some APIs are protected with [role based authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles) which looks at users' roles (based on the role claim in JWT tokens) to determine whether they can access the APIs. This authorization option is easy-to-use and works immediately with ASP.NET Core Identity or security tokens with a role claim.
1. There is also a somewhat contrived usage of [custom policy-based authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies) in the `MaximumOfficeNumberRequirement` and `MaximumOfficeNumberAuthorizationHandler` types. These types are registered in Startup.cs and define a custom authorization requirement (which is satisified by `MaximumOfficeNumberAuthorizationHandler`). A custom policy is registered using the MaximumOfficeNumberRequirement which limits access to attributed APIs to users who satisfy the "office number <= 400" requirement. The `MaximumOfficeNumberAuthorizationHandler` contains the implementation of how to check whether the authorization requirement is satisfied. The authorization requirement can be applied to a type or method with an authorization attribute: `[Authorize(Policy = "OfficeNumberUnder400")]`.
1. There is also a somewhat contrived usage of [custom policy-based authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies) in the `MaximumOfficeNumberRequirement` and `MaximumOfficeNumberAuthorizationHandler` types. These types are registered in Startup.cs and define a custom authorization requirement (which is satisified by `MaximumOfficeNumberAuthorizationHandler`). A custom policy is registered using the MaximumOfficeNumberRequirement which limits access to attributed APIs to users who satisfy the "office number <= 400" requirement. The `MaximumOfficeNumberAuthorizationHandler` contains the implementation of how to check whether the authorization requirement is satisfied. The authorization requirement can be applied to a type or method with an authorization attribute: `[Authorize(Policy = "OfficeNumberUnder400")]`.
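Review bot: the replacement line still contains "satisified" (should be "satisfied"); since this commit is a typo pass, fix it here and also "diffferent" in the unchanged context line above. Two consistency points on the same line: `MaximumOfficeNumberRequirement` is the only type name in the paragraph not set in backticks, and the policy name `OfficeNumberUnder400` does not match the requirement it enforces, which the text gives as "office number <= 400". Either rename the policy or phrase the requirement as "at most 400" so readers do not take the check to be strict.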