diff --git a/aspnetcore/security/authentication/social/facebook-logins.md b/aspnetcore/security/authentication/social/facebook-logins.md index 1c853d313a..5ca6789f62 100644 --- a/aspnetcore/security/authentication/social/facebook-logins.md +++ b/aspnetcore/security/authentication/social/facebook-logins.md @@ -58,6 +58,13 @@ This tutorial shows you how to enable your users to sign in with their Facebook Link sensitive settings like Facebook `App ID` and `App Secret` to your application configuration using the [Secret Manager](xref:security/app-secrets). For the purposes of this tutorial, name the tokens `Authentication:Facebook:AppId` and `Authentication:Facebook:AppSecret`. +Execute the following commands to securely store `App ID` and `App Secret` using Secret Manager: + +```console +dotnet user-secrets set Authentication:Facebook:AppId +dotnet user-secrets set Authentication:Facebook:AppSecret +``` + ## Configure Facebook Authentication The project template used in this tutorial ensures that [Microsoft.AspNetCore.Authentication.Facebook](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.Facebook) package is already installed. diff --git a/aspnetcore/security/authorization/resourcebased.md b/aspnetcore/security/authorization/resourcebased.md index 94ba322ef4..7ad5b57a6b 100644 --- a/aspnetcore/security/authorization/resourcebased.md +++ b/aspnetcore/security/authorization/resourcebased.md 
@@ -36,6 +36,19 @@ public class DocumentController : Controller `IAuthorizationService` has two methods, one where you pass the resource and the policy name and the other where you pass the resource and a list of requirements to evaluate. +# [ASP.NET Core 2.x](#tab/aspnetcore2x) + +```csharp +Task AuthorizeAsync(ClaimsPrincipal user, + object resource, + IEnumerable requirements); +Task AuthorizeAsync(ClaimsPrincipal user, + object resource, + string policyName); +``` + +# [ASP.NET Core 1.x](#tab/aspnetcore1x) + ```csharp Task AuthorizeAsync(ClaimsPrincipal user, object resource, @@ -45,6 +58,8 @@ Task AuthorizeAsync(ClaimsPrincipal user, string policyName); ``` +--- + To call the service, load your resource within your action then call the `AuthorizeAsync` overload you require. For example: @@ -59,7 +74,7 @@ public async Task Edit(Guid documentId) return new HttpNotFoundResult(); } - if (await _authorizationService.AuthorizeAsync(User, document, "EditPolicy")) + if ((await _authorizationService.AuthorizeAsync(User, document, "EditPolicy")).Succeeded) { return View(document); }
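Review bot: In the facebook-logins.md hunk, both added `dotnet user-secrets set` lines pass only a key (`Authentication:Facebook:AppId`, `Authentication:Facebook:AppSecret`) and no value, so a reader who copies them as shown has nothing to store. Add a placeholder after each key, for example `<app-id>` and `<app-secret>`, and state that they must be replaced with the app's own `App ID` and `App Secret`. "Securely store" also overstates what Secret Manager does: it keeps development secrets outside the project tree and out of source control but does not encrypt them, so wording such as "store outside the project" would be more accurate.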
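Review bot: In the first resourcebased.md hunk (@@ -36,6 +36,19 @@), the signatures added under the ASP.NET Core 2.x tab read exactly the same as the ones left under the 1.x tab (`Task AuthorizeAsync(ClaimsPrincipal user, object resource, ...)`), so the tabs show no difference between versions. The 2.x overloads return `Task<AuthorizationResult>` and the 1.x overloads return `Task<bool>`, and the requirements parameter is `IEnumerable<IAuthorizationRequirement>`. Spell the generic arguments out in both blocks, since the return type is what explains the `.Succeeded` change further down in the same file.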
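Review bot: In the last resourcebased.md hunk (@@ -59,7 +74,7 @@), the `Edit` sample now checks `(await _authorizationService.AuthorizeAsync(User, document, "EditPolicy")).Succeeded`, which only applies to 2.x, yet the sample sits after the `---` that closes the tab group and is therefore shown to 1.x readers as well. Either put the sample in the same 2.x/1.x tabs with the `bool` form kept for 1.x, or add a sentence saying that on 1.x the awaited result is tested directly. The unchanged context line `return new HttpNotFoundResult();` is also worth a check against both versions while this sample is being touched.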