diff --git a/src/Microsoft.AspNet.Http.Core/Authentication/AuthenticationDescription.cs b/src/Microsoft.AspNet.Http.Core/Authentication/AuthenticationDescription.cs
index 16b2c43247..97ca3fe18e 100644
--- a/src/Microsoft.AspNet.Http.Core/Authentication/AuthenticationDescription.cs
+++ b/src/Microsoft.AspNet.Http.Core/Authentication/AuthenticationDescription.cs
@@ -20,17 +20,17 @@ namespace Microsoft.AspNet.Http.Authentication
         /// Initializes a new instance of the <see cref="AuthenticationDescription"/> class
         /// </summary>
         public AuthenticationDescription()
+            : this(items: null)
         {
-            Items = new Dictionary<string, object>(StringComparer.Ordinal);
         }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="AuthenticationDescription"/> class
         /// </summary>
         /// <param name="items"></param>
-        public AuthenticationDescription([NotNull] IDictionary<string, object> items)
+        public AuthenticationDescription(IDictionary<string, object> items)
         {
-            Items = items;
+            Items = items ?? new Dictionary<string, object>(StringComparer.Ordinal); ;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Http/Authentication/DefaultAuthenticationManager.cs b/src/Microsoft.AspNet.Http/Authentication/DefaultAuthenticationManager.cs
index e21bea9634..6f1c3ba419 100644
--- a/src/Microsoft.AspNet.Http/Authentication/DefaultAuthenticationManager.cs
+++ b/src/Microsoft.AspNet.Http/Authentication/DefaultAuthenticationManager.cs
@@ -61,6 +61,11 @@ namespace Microsoft.AspNet.Http.Authentication
                 throw new InvalidOperationException($"The following authentication scheme was not accepted: {authenticationScheme}");
             }
 
+            if (authenticateContext.Principal == null)
+            {
+                return null;
+            }
+
             return new AuthenticationResult(authenticateContext.Principal,
                 new AuthenticationProperties(authenticateContext.Properties),
                 new AuthenticationDescription(authenticateContext.Description));
@@ -82,6 +87,11 @@ namespace Microsoft.AspNet.Http.Authentication
                 throw new InvalidOperationException($"The following authentication scheme was not accepted: {authenticationScheme}");
             }
 
+            if (authenticateContext.Principal == null)
+            {
+                return null;
+            }
+
             return new AuthenticationResult(authenticateContext.Principal,
                 new AuthenticationProperties(authenticateContext.Properties),
                 new AuthenticationDescription(authenticateContext.Description));