From 06e24a8fdfbaf7e23a274bb26ba02f52596986d0 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 23 Apr 2015 16:05:05 -0700
Subject: [PATCH] Handle null auth, null descriptions.

---
 .../Authentication/AuthenticationDescription.cs        |  6 +++---
 .../Authentication/DefaultAuthenticationManager.cs     | 10 ++++++++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Http.Core/Authentication/AuthenticationDescription.cs b/src/Microsoft.AspNet.Http.Core/Authentication/AuthenticationDescription.cs
index 16b2c43247..97ca3fe18e 100644
--- a/src/Microsoft.AspNet.Http.Core/Authentication/AuthenticationDescription.cs
+++ b/src/Microsoft.AspNet.Http.Core/Authentication/AuthenticationDescription.cs
@@ -20,17 +20,17 @@ namespace Microsoft.AspNet.Http.Authentication
         /// Initializes a new instance of the <see cref="AuthenticationDescription"/> class
         /// </summary>
         public AuthenticationDescription()
+            : this(items: null)
         {
-            Items = new Dictionary<string, object>(StringComparer.Ordinal);
         }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="AuthenticationDescription"/> class
         /// </summary>
         /// <param name="items"></param>
-        public AuthenticationDescription([NotNull] IDictionary<string, object> items)
+        public AuthenticationDescription(IDictionary<string, object> items)
         {
-            Items = items;
+            Items = items ?? new Dictionary<string, object>(StringComparer.Ordinal); ;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Http/Authentication/DefaultAuthenticationManager.cs b/src/Microsoft.AspNet.Http/Authentication/DefaultAuthenticationManager.cs
index e21bea9634..6f1c3ba419 100644
--- a/src/Microsoft.AspNet.Http/Authentication/DefaultAuthenticationManager.cs
+++ b/src/Microsoft.AspNet.Http/Authentication/DefaultAuthenticationManager.cs
@@ -61,6 +61,11 @@ namespace Microsoft.AspNet.Http.Authentication
                 throw new InvalidOperationException($"The following authentication scheme was not accepted: {authenticationScheme}");
             }
 
+            if (authenticateContext.Principal == null)
+            {
+                return null;
+            }
+
             return new AuthenticationResult(authenticateContext.Principal,
                 new AuthenticationProperties(authenticateContext.Properties),
                 new AuthenticationDescription(authenticateContext.Description));
@@ -82,6 +87,11 @@ namespace Microsoft.AspNet.Http.Authentication
                 throw new InvalidOperationException($"The following authentication scheme was not accepted: {authenticationScheme}");
             }
 
+            if (authenticateContext.Principal == null)
+            {
+                return null;
+            }
+
             return new AuthenticationResult(authenticateContext.Principal,
                 new AuthenticationProperties(authenticateContext.Properties),
                 new AuthenticationDescription(authenticateContext.Description));