From a68c7241b5f87afaf009666395faf921b55eba07 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Thu, 5 Oct 2017 21:50:15 -0500
Subject: [PATCH 1/9] Invoke a simpler UseMvc overload in Razor Pages templates

---
 .../content/RazorPagesWeb-CSharp/Startup.cs                | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Startup.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Startup.cs
index da13981417..b8b16bc103 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Startup.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Startup.cs
@@ -129,12 +129,7 @@ namespace Company.WebApplication1
             app.UseAuthentication();
 
 #endif
-            app.UseMvc(routes =>
-            {
-                routes.MapRoute(
-                    name: "default",
-                    template: "{controller}/{action=Index}/{id?}");
-            });
+            app.UseMvc();
         }
     }
 }

From 3a4c81dcc99fbfcb14d73994ac6255f6eced7ac1 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Mon, 2 Oct 2017 22:18:54 -0500
Subject: [PATCH 2/9] Change order of UseBrowserLink method invocation

---
 .../content/RazorPagesWeb-CSharp/Startup.cs                     | 2 +-
 .../content/StarterWeb-CSharp/Startup.cs                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Startup.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Startup.cs
index b8b16bc103..bf20114164 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Startup.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Startup.cs
@@ -110,10 +110,10 @@ namespace Company.WebApplication1
         {
             if (env.IsDevelopment())
             {
-                app.UseDeveloperExceptionPage();
 #if (UseBrowserLink)
                 app.UseBrowserLink();
 #endif
+                app.UseDeveloperExceptionPage();
 #if (IndividualLocalAuth)
                 app.UseDatabaseErrorPage();
 #endif
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Startup.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Startup.cs
index ba511285a5..9abfda7cbd 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Startup.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Startup.cs
@@ -78,10 +78,10 @@ namespace Company.WebApplication1
         {
             if (env.IsDevelopment())
             {
-                app.UseDeveloperExceptionPage();
 #if (UseBrowserLink)
                 app.UseBrowserLink();
 #endif
+                app.UseDeveloperExceptionPage();
 #if (IndividualLocalAuth)
                 app.UseDatabaseErrorPage();
 #endif

From beaa7933b67a1e7e6b74b6de33b1ef8fd0e1f01f Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 6 Dec 2017 16:35:35 -0800
Subject: [PATCH 3/9] Bump templating package version to 2.0.4

---
 version.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.props b/version.props
index 47ffd05e45..09e8aa45e5 100644
--- a/version.props
+++ b/version.props
@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <VersionPrefix>2.0.3</VersionPrefix>
+    <VersionPrefix>2.0.4</VersionPrefix>
     <VersionSuffix>rtm</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>

From e4ecd070ebe62b4f54a479dbf726668a8cf86098 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 5 Dec 2017 15:34:11 -0800
Subject: [PATCH 4/9] Use AuthenticatorUrl generated on the server in
 EnableAuthenticator pages * Update prerelease package versions * Install the
 right CLI version

---
 Directory.Build.props                         |  2 +
 Directory.Build.targets                       |  5 ++-
 build/dependencies.props                      | 40 +++++++++---------
 build/repo.props                              |  7 ++++
 build/sources.props                           |  1 -
 .../Account/Manage/EnableAuthenticator.cshtml |  2 +-
 .../Manage/EnableAuthenticator.cshtml.cs      | 14 +++----
 .../Controllers/ManageController.cs           | 41 +++++++++++--------
 .../EnableAuthenticatorViewModel.cs           |  4 +-
 .../Views/Manage/EnableAuthenticator.cshtml   |  2 +-
 10 files changed, 66 insertions(+), 52 deletions(-)
 create mode 100644 build/repo.props

diff --git a/Directory.Build.props b/Directory.Build.props
index e89ffae876..d867f8478f 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,5 +1,7 @@
 <Project>
   <Import Project="version.props" />
+  <Import Project="build\dependencies.props" />
+
   <PropertyGroup>
     <GenerateSourceLinkFile>false</GenerateSourceLinkFile>
   </PropertyGroup>
diff --git a/Directory.Build.targets b/Directory.Build.targets
index 6902b49b99..ba8545d8c4 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -1,5 +1,6 @@
 <Project>
   <Import Project="build\sources.props" />
-  <!-- This is imported at the bottom of the file so properties such as RuntimeFrameworkVersion can be set based on TargetFramework -->
-  <Import Project="build\dependencies.props" />
+  <PropertyGroup>
+    <RuntimeFrameworkVersion Condition="'$(TargetFramework)' == 'netcoreapp2.0'">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
+  </PropertyGroup>
 </Project>
diff --git a/build/dependencies.props b/build/dependencies.props
index 2622549aa1..a499aa7e71 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -5,32 +5,32 @@
 
   <PropertyGroup Label="PackageVersions">
     <InternalAspNetCoreSdkPackageVersion>2.0.2-rc1-16007</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAllPackageVersion>2.0.3-rtm-207</MicrosoftAspNetCoreAllPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationOpenIdConnectPackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreAuthenticationOpenIdConnectPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>
-    <MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>
-    <MicrosoftAspNetCoreMvcPackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreMvcPackageVersion>
-    <MicrosoftAspNetCoreMvcRazorViewCompilationPackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreMvcRazorViewCompilationPackageVersion>
-    <MicrosoftAspNetCorePackageVersion>2.0.1-rtm-207</MicrosoftAspNetCorePackageVersion>
-    <MicrosoftAspNetCoreSpaServicesPackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreSpaServicesPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.0.1-rtm-207</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreAllPackageVersion>2.0.3</MicrosoftAspNetCoreAllPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>2.0.1</MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>2.0.1</MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationOpenIdConnectPackageVersion>2.0.1</MicrosoftAspNetCoreAuthenticationOpenIdConnectPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>2.0.1</MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>
+    <MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>2.0.1</MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>
+    <MicrosoftAspNetCoreMvcPackageVersion>2.0.1</MicrosoftAspNetCoreMvcPackageVersion>
+    <MicrosoftAspNetCoreMvcRazorViewCompilationPackageVersion>2.0.1</MicrosoftAspNetCoreMvcRazorViewCompilationPackageVersion>
+    <MicrosoftAspNetCorePackageVersion>2.0.1</MicrosoftAspNetCorePackageVersion>
+    <MicrosoftAspNetCoreSpaServicesPackageVersion>2.0.1</MicrosoftAspNetCoreSpaServicesPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.0.1</MicrosoftAspNetCoreStaticFilesPackageVersion>
     <MicrosoftAspNetCoreTestingPackageVersion>2.0.0</MicrosoftAspNetCoreTestingPackageVersion>
     <MicrosoftBuildFrameworkPackageVersion>15.3.409</MicrosoftBuildFrameworkPackageVersion>
     <MicrosoftBuildUtilitiesCorePackageVersion>15.3.409</MicrosoftBuildUtilitiesCorePackageVersion>
-    <MicrosoftEntityFrameworkCoreDesignPackageVersion>2.0.1-rtm-207</MicrosoftEntityFrameworkCoreDesignPackageVersion>
-    <MicrosoftEntityFrameworkCoreSqlitePackageVersion>2.0.1-rtm-207</MicrosoftEntityFrameworkCoreSqlitePackageVersion>
-    <MicrosoftEntityFrameworkCoreSqlServerPackageVersion>2.0.1-rtm-207</MicrosoftEntityFrameworkCoreSqlServerPackageVersion>
-    <MicrosoftEntityFrameworkCoreToolsDotNetPackageVersion>2.0.1-rtm-207</MicrosoftEntityFrameworkCoreToolsDotNetPackageVersion>
-    <MicrosoftEntityFrameworkCoreToolsPackageVersion>2.0.1-rtm-207</MicrosoftEntityFrameworkCoreToolsPackageVersion>
+    <MicrosoftEntityFrameworkCoreDesignPackageVersion>2.0.1</MicrosoftEntityFrameworkCoreDesignPackageVersion>
+    <MicrosoftEntityFrameworkCoreSqlitePackageVersion>2.0.1</MicrosoftEntityFrameworkCoreSqlitePackageVersion>
+    <MicrosoftEntityFrameworkCoreSqlServerPackageVersion>2.0.1</MicrosoftEntityFrameworkCoreSqlServerPackageVersion>
+    <MicrosoftEntityFrameworkCoreToolsDotNetPackageVersion>2.0.1</MicrosoftEntityFrameworkCoreToolsDotNetPackageVersion>
+    <MicrosoftEntityFrameworkCoreToolsPackageVersion>2.0.1</MicrosoftEntityFrameworkCoreToolsPackageVersion>
     <MicrosoftExtensionsCommandLineUtilsSourcesPackageVersion>2.0.0</MicrosoftExtensionsCommandLineUtilsSourcesPackageVersion>
     <MicrosoftExtensionsSecretManagerToolsPackageVersion>2.0.0</MicrosoftExtensionsSecretManagerToolsPackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
-    <MicrosoftVisualStudioWebBrowserLinkPackageVersion>2.0.1-rtm-207</MicrosoftVisualStudioWebBrowserLinkPackageVersion>
-    <MicrosoftVisualStudioWebCodeGenerationDesignPackageVersion>2.0.1-rtm-207</MicrosoftVisualStudioWebCodeGenerationDesignPackageVersion>
-    <MicrosoftVisualStudioWebCodeGenerationToolsPackageVersion>2.0.1-rtm-207</MicrosoftVisualStudioWebCodeGenerationToolsPackageVersion>
-    <RuntimeFrameworkVersion Condition="'$(TargetFramework)' == 'netcoreapp2.0'">2.0.2-servicing-25728-02</RuntimeFrameworkVersion>
+    <MicrosoftVisualStudioWebBrowserLinkPackageVersion>2.0.1</MicrosoftVisualStudioWebBrowserLinkPackageVersion>
+    <MicrosoftVisualStudioWebCodeGenerationDesignPackageVersion>2.0.1</MicrosoftVisualStudioWebCodeGenerationDesignPackageVersion>
+    <MicrosoftVisualStudioWebCodeGenerationToolsPackageVersion>2.0.1</MicrosoftVisualStudioWebCodeGenerationToolsPackageVersion>
+    <MicrosoftNETCoreApp20PackageVersion>2.0.3</MicrosoftNETCoreApp20PackageVersion>
     <SeleniumFirefoxWebDriverPackageVersion>0.19.0</SeleniumFirefoxWebDriverPackageVersion>
     <SeleniumSupportPackageVersion>3.6.0</SeleniumSupportPackageVersion>
     <SeleniumWebDriverMicrosoftDriverPackageVersion>16.16299.0</SeleniumWebDriverMicrosoftDriverPackageVersion>
diff --git a/build/repo.props b/build/repo.props
new file mode 100644
index 0000000000..468b1c2261
--- /dev/null
+++ b/build/repo.props
@@ -0,0 +1,7 @@
+<Project>
+  <Import Project="dependencies.props" />
+
+  <ItemGroup>
+    <DotNetCoreRuntime Include="$(MicrosoftNETCoreApp20PackageVersion)" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/build/sources.props b/build/sources.props
index 8ab0fd1511..281a1a25e6 100644
--- a/build/sources.props
+++ b/build/sources.props
@@ -5,7 +5,6 @@
     <RestoreSources>$(DotNetRestoreSources)</RestoreSources>
     <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true' AND '$(AspNetUniverseBuildOffline)' != 'true' ">
       $(RestoreSources);
-      https://dotnet.myget.org/F/aspnet-2-0-2-october2017-patch/api/v3/index.json;
       https://dotnet.myget.org/F/aspnetcore-master/api/v3/index.json;
       https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json;
     </RestoreSources>
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml
index 1d68558407..9d1113d779 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml
@@ -24,7 +24,7 @@
             <p>Scan the QR Code or enter this key <kbd>@Model.SharedKey</kbd> into your two factor authenticator app. Spaces and casing do not matter.</p>
             <div class="alert alert-info">To enable QR code generation please read our <a href="https://go.microsoft.com/fwlink/?Linkid=852423">documentation</a>.</div>
             <div id="qrCode"></div>
-            <div id="qrCodeData" data-url="@Html.Raw(Model.AuthenticatorUri)"></div>
+            <div id="qrCodeData" data-url="@Model.AuthenticatorUri"></div>
         </li>
         <li>
             <p>
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
index 09a6327de0..f23f1431f7 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
@@ -57,11 +57,6 @@ namespace Company.WebApplication1.Pages.Account.Manage
             }
 
             await LoadSharedKeyAndQrCodeUriAsync(user);
-            if (string.IsNullOrEmpty(SharedKey))
-            {
-                await _userManager.ResetAuthenticatorKeyAsync(user);
-                await LoadSharedKeyAndQrCodeUriAsync(user);
-            }
 
             return Page();
         }
@@ -102,11 +97,14 @@ namespace Company.WebApplication1.Pages.Account.Manage
         {
             // Load the authenticator key & QR code URI to display on the form
             var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
-            if (!string.IsNullOrEmpty(unformattedKey))
+            if (string.IsNullOrEmpty(unformattedKey))
             {
-                SharedKey = FormatKey(unformattedKey);
-                AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey);
+                await _userManager.ResetAuthenticatorKeyAsync(user);
+                unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
             }
+
+            SharedKey = FormatKey(unformattedKey);
+            AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey);
         }
 
         private string FormatKey(string unformattedKey)
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Controllers/ManageController.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Controllers/ManageController.cs
index d840959dd3..437e01129e 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Controllers/ManageController.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Controllers/ManageController.cs
@@ -371,18 +371,8 @@ namespace Company.WebApplication1.Controllers
                 throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
             }
 
-            var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
-            if (string.IsNullOrEmpty(unformattedKey))
-            {
-                await _userManager.ResetAuthenticatorKeyAsync(user);
-                unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
-            }
-
-            var model = new EnableAuthenticatorViewModel
-            {
-                SharedKey = FormatKey(unformattedKey),
-                AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey)
-            };
+            var model = new EnableAuthenticatorViewModel();
+            await LoadSharedKeyAndQrCodeUriAsync(user, model);
 
             return View(model);
         }
@@ -391,17 +381,18 @@ namespace Company.WebApplication1.Controllers
         [ValidateAntiForgeryToken]
         public async Task<IActionResult> EnableAuthenticator(EnableAuthenticatorViewModel model)
         {
-            if (!ModelState.IsValid)
-            {
-                return View(model);
-            }
-
             var user = await _userManager.GetUserAsync(User);
             if (user == null)
             {
                 throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
             }
 
+            if (!ModelState.IsValid)
+            {
+                await LoadSharedKeyAndQrCodeUriAsync(user, model);
+                return View(model);
+            }
+
             // Strip spaces and hypens
             var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
 
@@ -410,7 +401,8 @@ namespace Company.WebApplication1.Controllers
 
             if (!is2faTokenValid)
             {
-                ModelState.AddModelError("model.Code", "Verification code is invalid.");
+                ModelState.AddModelError("Code", "Verification code is invalid.");
+                await LoadSharedKeyAndQrCodeUriAsync(user, model);
                 return View(model);
             }
 
@@ -500,6 +492,19 @@ namespace Company.WebApplication1.Controllers
                 unformattedKey);
         }
 
+        private async Task LoadSharedKeyAndQrCodeUriAsync(ApplicationUser user, EnableAuthenticatorViewModel model)
+        {
+            var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
+            if (string.IsNullOrEmpty(unformattedKey))
+            {
+                await _userManager.ResetAuthenticatorKeyAsync(user);
+                unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
+            }
+
+            model.SharedKey = FormatKey(unformattedKey);
+            model.AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey);
+        }
+
         #endregion
     }
 }
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/EnableAuthenticatorViewModel.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/EnableAuthenticatorViewModel.cs
index 3f3323f216..2aaafedad2 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/EnableAuthenticatorViewModel.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/EnableAuthenticatorViewModel.cs
@@ -4,6 +4,7 @@ using System.ComponentModel;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Company.WebApplication1.Models.ManageViewModels
 {
@@ -15,9 +16,10 @@ namespace Company.WebApplication1.Models.ManageViewModels
             [Display(Name = "Verification Code")]
             public string Code { get; set; }
 
-            [ReadOnly(true)]
+            [BindNever]
             public string SharedKey { get; set; }
 
+            [BindNever]
             public string AuthenticatorUri { get; set; }
     }
 }
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/EnableAuthenticator.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/EnableAuthenticator.cshtml
index 79693d78e3..4cbe57304f 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/EnableAuthenticator.cshtml
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/EnableAuthenticator.cshtml
@@ -23,7 +23,7 @@
             <p>Scan the QR Code or enter this key <kbd>@Model.SharedKey</kbd> into your two factor authenticator app. Spaces and casing do not matter.</p>
             <div class="alert alert-info">To enable QR code generation please read our <a href="https://go.microsoft.com/fwlink/?Linkid=852423">documentation</a>.</div>
             <div id="qrCode"></div>
-            <div id="qrCodeData" data-url="@Html.Raw(Model.AuthenticatorUri)"></div>
+            <div id="qrCodeData" data-url="@Model.AuthenticatorUri"></div>
         </li>
         <li>
             <p>

From 16c23b846ec57803e83c7e1bffc9c24546fe1de4 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 6 Dec 2017 13:55:51 -0800
Subject: [PATCH 5/9] Split showing and generating recovery codes

---
 .../Pages/Account/AccessDenied.cshtml         |  2 +-
 .../Manage/EnableAuthenticator.cshtml.cs      |  9 ++--
 .../Manage/GenerateRecoveryCodes.cshtml       | 22 +++++----
 .../Manage/GenerateRecoveryCodes.cshtml.cs    | 22 +++++++--
 .../Account/Manage/ShowRecoveryCodes.cshtml   | 25 ++++++++++
 .../Manage/ShowRecoveryCodes.cshtml.cs        | 25 ++++++++++
 .../Controllers/ManageController.cs           | 47 ++++++++++++++++---
 ...Model.cs => ShowRecoveryCodesViewModel.cs} |  2 +-
 .../Views/Account/AccessDenied.cshtml         |  2 +-
 .../Views/Manage/GenerateRecoveryCodes.cshtml | 28 ++++++-----
 .../Views/Manage/ShowRecoveryCodes.cshtml     | 24 ++++++++++
 .../Manage/TwoFactorAuthentication.cshtml     |  2 +-
 12 files changed, 170 insertions(+), 40 deletions(-)
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/ShowRecoveryCodes.cshtml
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
 rename src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/{GenerateRecoveryCodesViewModel.cs => ShowRecoveryCodesViewModel.cs} (85%)
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/ShowRecoveryCodes.cshtml

diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/AccessDenied.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/AccessDenied.cshtml
index ba7d0215dc..3510edef22 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/AccessDenied.cshtml
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/AccessDenied.cshtml
@@ -5,6 +5,6 @@
 }
 
 <header>
-    <h1 class="text-danger">ViewData["Title"]</h1>
+    <h1 class="text-danger">@ViewData["Title"]</h1>
     <p class="text-danger">You do not have access to this resource.</p>
 </header>
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
index f23f1431f7..8f38fb8492 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
@@ -20,7 +20,7 @@ namespace Company.WebApplication1.Pages.Account.Manage
         private readonly ILogger<EnableAuthenticatorModel> _logger;
         private readonly UrlEncoder _urlEncoder;
 
-        private const string AuthenicatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&issuer={0}&digits=6";
+        private const string AuthenticatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&issuer={0}&digits=6";
 
         public EnableAuthenticatorModel(
             UserManager<ApplicationUser> userManager,
@@ -90,7 +90,10 @@ namespace Company.WebApplication1.Pages.Account.Manage
 
             await _userManager.SetTwoFactorEnabledAsync(user, true);
             _logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", user.Id);
-            return RedirectToPage("./GenerateRecoveryCodes");
+
+            var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
+            TempData["RecoveryCodes"] = recoveryCodes.ToArray();
+            return RedirectToPage("./ShowRecoveryCodes");
         }
 
         private async Task LoadSharedKeyAndQrCodeUriAsync(ApplicationUser user)
@@ -127,7 +130,7 @@ namespace Company.WebApplication1.Pages.Account.Manage
         private string GenerateQrCodeUri(string email, string unformattedKey)
         {
             return string.Format(
-                AuthenicatorUriFormat,
+                AuthenticatorUriFormat,
                 _urlEncoder.Encode("Company.WebApplication1"),
                 _urlEncoder.Encode(email),
                 unformattedKey);
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/GenerateRecoveryCodes.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/GenerateRecoveryCodes.cshtml
index d05825429f..3738b9237c 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/GenerateRecoveryCodes.cshtml
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/GenerateRecoveryCodes.cshtml
@@ -1,7 +1,7 @@
 @page
 @model GenerateRecoveryCodesModel
 @{
-    ViewData["Title"] = "Recovery codes";
+    ViewData["Title"] = "Generate two-factor authentication (2FA) recovery codes";
     ViewData["ActivePage"] = "TwoFactorAuthentication";
 }
 
@@ -9,17 +9,19 @@
 <div class="alert alert-warning" role="alert">
     <p>
         <span class="glyphicon glyphicon-warning-sign"></span>
-        <strong>Put these codes in a safe place.</strong>
+        <strong>This action generates new recovery codes.</strong>
     </p>
     <p>
         If you lose your device and don't have the recovery codes you will lose access to your account.
     </p>
+    <p>
+        Generating new recovery codes does not change the keys used in authenticator apps. If you wish to change the key
+        used in an authenticator app you should <a asp-action="ResetAuthenticatorWarning">reset your authenticator keys.</a>
+    </p>
+</div>
+
+<div>
+    <form asp-action="GenerateRecoveryCodes" method="post" class="form-group">
+        <button class="btn btn-danger" type="submit">Generate Recovery Codes</button>
+    </form>
 </div>
-<div class="row">
-    <div class="col-md-12">
-        @for (var row = 0; row < Model.RecoveryCodes.Count(); row += 2)
-        {
-            <code>@Model.RecoveryCodes[row]</code><text>&nbsp;</text><code>@Model.RecoveryCodes[row + 1]</code><br />
-        }
-    </div>
-</div>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs
index 6839d275fc..6c23b5ad60 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs
@@ -23,8 +23,6 @@ namespace Company.WebApplication1.Pages.Account.Manage
             _logger = logger;
         }
 
-        public string[] RecoveryCodes { get; set; }
-
         public async Task<IActionResult> OnGetAsync()
         {
             var user = await _userManager.GetUserAsync(User);
@@ -33,17 +31,33 @@ namespace Company.WebApplication1.Pages.Account.Manage
                 throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
             }
 
+            if (!user.TwoFactorEnabled)
+            {
+                throw new ApplicationException($"Cannot generate recovery codes for user with ID '{user.Id}' because they do not have 2FA enabled.");
+            }
+
+            return Page();
+        }
+
+        public async Task<IActionResult> OnPostAsync()
+        {
+            var user = await _userManager.GetUserAsync(User);
+            if (user == null)
+            {
+                throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+            }
+
             if (!user.TwoFactorEnabled)
             {
                 throw new ApplicationException($"Cannot generate recovery codes for user with ID '{user.Id}' as they do not have 2FA enabled.");
             }
 
             var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
-            RecoveryCodes = recoveryCodes.ToArray();
+            TempData["RecoveryCodes"] = recoveryCodes.ToArray();
 
             _logger.LogInformation("User with ID '{UserId}' has generated new 2FA recovery codes.", user.Id);
 
-            return Page();
+            return RedirectToPage("./ShowRecoveryCodes");
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/ShowRecoveryCodes.cshtml
new file mode 100644
index 0000000000..a7225dfa23
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -0,0 +1,25 @@
+@page
+@model ShowRecoveryCodesModel
+@{
+    ViewData["Title"] = "Recovery codes";
+    ViewData["ActivePage"] = "TwoFactorAuthentication";
+}
+
+<h4>@ViewData["Title"]</h4>
+<div class="alert alert-warning" role="alert">
+    <p>
+        <span class="glyphicon glyphicon-warning-sign"></span>
+        <strong>Put these codes in a safe place.</strong>
+    </p>
+    <p>
+        If you lose your device and don't have the recovery codes you will lose access to your account.
+    </p>
+</div>
+<div class="row">
+    <div class="col-md-12">
+        @for (var row = 0; row < Model.RecoveryCodes.Length; row += 2)
+        {
+            <code>@Model.RecoveryCodes[row]</code><text>&nbsp;</text><code>@Model.RecoveryCodes[row + 1]</code><br />
+        }
+    </div>
+</div>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
new file mode 100644
index 0000000000..250bf7f598
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
@@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace Company.WebApplication1.Pages.Account.Manage
+{
+    public class ShowRecoveryCodesModel : PageModel
+    {
+        public string[] RecoveryCodes { get; private set; }
+
+        public IActionResult OnGet()
+        {
+            RecoveryCodes = (string[])TempData["RecoveryCodes"];
+            if (RecoveryCodes == null)
+            {
+                return RedirectToPage("TwoFactorAuthentication");
+            }
+
+            return Page();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Controllers/ManageController.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Controllers/ManageController.cs
index 437e01129e..1620109d56 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Controllers/ManageController.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Controllers/ManageController.cs
@@ -26,7 +26,8 @@ namespace Company.WebApplication1.Controllers
         private readonly ILogger _logger;
         private readonly UrlEncoder _urlEncoder;
 
-        private const string AuthenicatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&issuer={0}&digits=6";
+        private const string AuthenticatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&issuer={0}&digits=6";
+        private const string RecoveryCodesKey = nameof(RecoveryCodesKey);
 
         public ManageController(
           UserManager<ApplicationUser> userManager,
@@ -408,7 +409,23 @@ namespace Company.WebApplication1.Controllers
 
             await _userManager.SetTwoFactorEnabledAsync(user, true);
             _logger.LogInformation("User with ID {UserId} has enabled 2FA with an authenticator app.", user.Id);
-            return RedirectToAction(nameof(GenerateRecoveryCodes));
+            var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
+            TempData[RecoveryCodesKey] = recoveryCodes.ToArray();
+
+            return RedirectToAction(nameof(ShowRecoveryCodes));
+        }
+
+        [HttpGet]
+        public IActionResult ShowRecoveryCodes()
+        {
+            var recoveryCodes = (string[])TempData[RecoveryCodesKey];
+            if (recoveryCodes == null)
+            {
+                return RedirectToAction(nameof(TwoFactorAuthentication));
+            }
+
+            var model = new ShowRecoveryCodesViewModel { RecoveryCodes = recoveryCodes };
+            return View(model);
         }
 
         [HttpGet]
@@ -435,6 +452,24 @@ namespace Company.WebApplication1.Controllers
         }
 
         [HttpGet]
+        public async Task<IActionResult> GenerateRecoveryCodesWarning()
+        {
+            var user = await _userManager.GetUserAsync(User);
+            if (user == null)
+            {
+                throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+            }
+
+            if (!user.TwoFactorEnabled)
+            {
+                throw new ApplicationException($"Cannot generate recovery codes for user with ID '{user.Id}' because they do not have 2FA enabled.");
+            }
+
+            return View(nameof(GenerateRecoveryCodes));
+        }
+
+        [HttpPost]
+        [ValidateAntiForgeryToken]
         public async Task<IActionResult> GenerateRecoveryCodes()
         {
             var user = await _userManager.GetUserAsync(User);
@@ -449,11 +484,11 @@ namespace Company.WebApplication1.Controllers
             }
 
             var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
-            var model = new GenerateRecoveryCodesViewModel { RecoveryCodes = recoveryCodes.ToArray() };
-
             _logger.LogInformation("User with ID {UserId} has generated new 2FA recovery codes.", user.Id);
 
-            return View(model);
+            var model = new ShowRecoveryCodesViewModel { RecoveryCodes = recoveryCodes.ToArray() };
+
+            return View(nameof(ShowRecoveryCodes), model);
         }
 
         #region Helpers
@@ -486,7 +521,7 @@ namespace Company.WebApplication1.Controllers
         private string GenerateQrCodeUri(string email, string unformattedKey)
         {
             return string.Format(
-                AuthenicatorUriFormat,
+                AuthenticatorUriFormat,
                 _urlEncoder.Encode("Company.WebApplication1"),
                 _urlEncoder.Encode(email),
                 unformattedKey);
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/GenerateRecoveryCodesViewModel.cs b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/ShowRecoveryCodesViewModel.cs
similarity index 85%
rename from src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/GenerateRecoveryCodesViewModel.cs
rename to src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/ShowRecoveryCodesViewModel.cs
index 05f1fe8a70..d026507079 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/GenerateRecoveryCodesViewModel.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Models/ManageViewModels/ShowRecoveryCodesViewModel.cs
@@ -6,7 +6,7 @@ using System.Threading.Tasks;
 
 namespace Company.WebApplication1.Models.ManageViewModels
 {
-    public class GenerateRecoveryCodesViewModel
+    public class ShowRecoveryCodesViewModel
     {
         public string[] RecoveryCodes { get; set; }
     }
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Account/AccessDenied.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Account/AccessDenied.cshtml
index 3a5a00852c..c27d3daeb3 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Account/AccessDenied.cshtml
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Account/AccessDenied.cshtml
@@ -3,6 +3,6 @@
 }
 
 <header>
-    <h2 class="text-danger">ViewData["Title"]</h2>
+    <h2 class="text-danger">@ViewData["Title"]</h2>
     <p class="text-danger">You do not have access to this resource.</p>
 </header>
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/GenerateRecoveryCodes.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/GenerateRecoveryCodes.cshtml
index 669d13ef93..996967b3a2 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/GenerateRecoveryCodes.cshtml
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/GenerateRecoveryCodes.cshtml
@@ -1,24 +1,26 @@
-@model GenerateRecoveryCodesViewModel
-@{
-    ViewData["Title"] = "Recovery codes";
+@{
+    ViewData["Title"] = "Generate two-factor authentication (2FA) recovery codes";
     ViewData.AddActivePage(ManageNavPages.TwoFactorAuthentication);
 }
 
-<h4>@ViewData["Title"]</h4>
+<h2>@ViewData["Title"]</h2>
+
 <div class="alert alert-warning" role="alert">
     <p>
         <span class="glyphicon glyphicon-warning-sign"></span>
-        <strong>Put these codes in a safe place.</strong>
+        <strong>This action generates new recovery codes.</strong>
     </p>
     <p>
         If you lose your device and don't have the recovery codes you will lose access to your account.
     </p>
+    <p>
+        Generating new recovery codes does not change the keys used in authenticator apps. If you wish to change the key
+        used in an authenticator app you should <a asp-action="ResetAuthenticatorWarning">reset your authenticator keys.</a>
+    </p>
+</div>
+
+<div>
+    <form asp-action="GenerateRecoveryCodes" method="post" class="form-group">
+        <button class="btn btn-danger" type="submit">Generate Recovery Codes</button>
+    </form>
 </div>
-<div class="row">
-    <div class="col-md-12">
-        @for (var row = 0; row < Model.RecoveryCodes.Count(); row += 2)
-        {
-            <code>@Model.RecoveryCodes[row]</code><text>&nbsp;</text><code>@Model.RecoveryCodes[row + 1]</code><br />
-        }
-    </div>
-</div>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/ShowRecoveryCodes.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/ShowRecoveryCodes.cshtml
new file mode 100644
index 0000000000..c2be067710
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/ShowRecoveryCodes.cshtml
@@ -0,0 +1,24 @@
+@model ShowRecoveryCodesViewModel
+@{
+    ViewData["Title"] = "Recovery codes";
+    ViewData.AddActivePage(ManageNavPages.TwoFactorAuthentication);
+}
+
+<h4>@ViewData["Title"]</h4>
+<div class="alert alert-warning" role="alert">
+    <p>
+        <span class="glyphicon glyphicon-warning-sign"></span>
+        <strong>Put these codes in a safe place.</strong>
+    </p>
+    <p>
+        If you lose your device and don't have the recovery codes you will lose access to your account.
+    </p>
+</div>
+<div class="row">
+    <div class="col-md-12">
+        @for (var row = 0; row < Model.RecoveryCodes.Length; row += 2)
+        {
+            <code>@Model.RecoveryCodes[row]</code><text>&nbsp;</text><code>@Model.RecoveryCodes[row + 1]</code><br />
+        }
+    </div>
+</div>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/TwoFactorAuthentication.cshtml b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/TwoFactorAuthentication.cshtml
index a2b52ac5b4..9286c0821e 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/TwoFactorAuthentication.cshtml
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/Views/Manage/TwoFactorAuthentication.cshtml
@@ -30,7 +30,7 @@
     }
 
     <a asp-action="Disable2faWarning" class="btn btn-default">Disable 2FA</a>
-    <a asp-action="GenerateRecoveryCodes" class="btn btn-default">Reset recovery codes</a>
+    <a asp-action="GenerateRecoveryCodesWarning" class="btn btn-default">Reset recovery codes</a>
 }
 
 <h5>Authenticator app</h5>

From e3674db32e34f4b43671e978eb9902b3b11fb214 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Fri, 8 Dec 2017 11:14:04 -0800
Subject: [PATCH 6/9] Bump version to 2.0.5 to match the runtime

---
 version.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.props b/version.props
index 09e8aa45e5..85f1a9f175 100644
--- a/version.props
+++ b/version.props
@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <VersionPrefix>2.0.4</VersionPrefix>
+    <VersionPrefix>2.0.5</VersionPrefix>
     <VersionSuffix>rtm</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>

From 67fab2fec61121d834dfb9dca359fcc2f47893e6 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 18 Jan 2018 15:42:49 -0800
Subject: [PATCH 7/9] Bump version to 2.0.6 and update build tools

---
 build/dependencies.props | 2 +-
 korebuild-lock.txt       | 4 ++--
 korebuild.json           | 4 ++--
 version.props            | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index a499aa7e71..ebae3e5d70 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,7 +4,7 @@
   </PropertyGroup>
 
   <PropertyGroup Label="PackageVersions">
-    <InternalAspNetCoreSdkPackageVersion>2.0.2-rc1-16007</InternalAspNetCoreSdkPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.0.5-rtm-10016</InternalAspNetCoreSdkPackageVersion>
     <MicrosoftAspNetCoreAllPackageVersion>2.0.3</MicrosoftAspNetCoreAllPackageVersion>
     <MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>2.0.1</MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>
     <MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>2.0.1</MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 16c49d04ce..e0cb1b1c60 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.0.2-rc1-16007
-commithash:bccf097cd0fceb185b7bf6aa8981191304cea9a7
+version:2.0.5-rtm-10016
+commithash:02bda79ac9c564229da734a836f258d6c1321eb7
diff --git a/korebuild.json b/korebuild.json
index 6bbc5eeb9c..9deb2b62d7 100644
--- a/korebuild.json
+++ b/korebuild.json
@@ -1,4 +1,4 @@
 {
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/rel/2.0.2/tools/korebuild.schema.json",
-  "channel": "rel/2.0.2"
+  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/release/2.0/tools/korebuild.schema.json",
+  "channel": "release/2.0"
 }
diff --git a/version.props b/version.props
index 85f1a9f175..44bf7795a8 100644
--- a/version.props
+++ b/version.props
@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <VersionPrefix>2.0.5</VersionPrefix>
+    <VersionPrefix>2.0.6</VersionPrefix>
     <VersionSuffix>rtm</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>

From c786c029f45547fd3d01be534c4634c974fe7377 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 18 Jan 2018 16:30:43 -0800
Subject: [PATCH 8/9] Bump version, update build tools, and dependency versions

---
 Directory.Build.props    | 2 ++
 Directory.Build.targets  | 4 ++--
 build/dependencies.props | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index d867f8478f..7e94e56c3d 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,8 +1,10 @@
 <Project>
   <Import Project="version.props" />
   <Import Project="build\dependencies.props" />
+  <Import Project="build\sources.props" />
 
   <PropertyGroup>
     <GenerateSourceLinkFile>false</GenerateSourceLinkFile>
+    <RepositoryRoot>$(MSBuildThisFileDirectory)</RepositoryRoot>
   </PropertyGroup>
 </Project>
diff --git a/Directory.Build.targets b/Directory.Build.targets
index ba8545d8c4..58066966aa 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -1,6 +1,6 @@
 <Project>
-  <Import Project="build\sources.props" />
   <PropertyGroup>
-    <RuntimeFrameworkVersion Condition="'$(TargetFramework)' == 'netcoreapp2.0'">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
+    <NETStandardImplicitPackageVersion Condition=" '$(TargetFramework)' == 'netstandard2.0' ">$(NETStandardLibrary20PackageVersion)</NETStandardImplicitPackageVersion>
+    <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
   </PropertyGroup>
 </Project>
diff --git a/build/dependencies.props b/build/dependencies.props
index ebae3e5d70..edf1cb289e 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -26,11 +26,12 @@
     <MicrosoftEntityFrameworkCoreToolsPackageVersion>2.0.1</MicrosoftEntityFrameworkCoreToolsPackageVersion>
     <MicrosoftExtensionsCommandLineUtilsSourcesPackageVersion>2.0.0</MicrosoftExtensionsCommandLineUtilsSourcesPackageVersion>
     <MicrosoftExtensionsSecretManagerToolsPackageVersion>2.0.0</MicrosoftExtensionsSecretManagerToolsPackageVersion>
+    <MicrosoftNETCoreApp20PackageVersion>2.0.5</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftVisualStudioWebBrowserLinkPackageVersion>2.0.1</MicrosoftVisualStudioWebBrowserLinkPackageVersion>
     <MicrosoftVisualStudioWebCodeGenerationDesignPackageVersion>2.0.1</MicrosoftVisualStudioWebCodeGenerationDesignPackageVersion>
     <MicrosoftVisualStudioWebCodeGenerationToolsPackageVersion>2.0.1</MicrosoftVisualStudioWebCodeGenerationToolsPackageVersion>
-    <MicrosoftNETCoreApp20PackageVersion>2.0.3</MicrosoftNETCoreApp20PackageVersion>
+    <NETStandardLibrary20PackageVersion>2.0.1</NETStandardLibrary20PackageVersion>
     <SeleniumFirefoxWebDriverPackageVersion>0.19.0</SeleniumFirefoxWebDriverPackageVersion>
     <SeleniumSupportPackageVersion>3.6.0</SeleniumSupportPackageVersion>
     <SeleniumWebDriverMicrosoftDriverPackageVersion>16.16299.0</SeleniumWebDriverMicrosoftDriverPackageVersion>

From a177c557c51203a10b29dd7d28eb6d47be6fb1bb Mon Sep 17 00:00:00 2001
From: Jass Bagga <jabagga@microsoft.com>
Date: Thu, 18 Jan 2018 18:19:18 -0800
Subject: [PATCH 9/9] [2.0.x PATCH] Add app.config to net 4.x templates (#231)

Addresses #170
---
 .appveyor.yml                                 |  3 +-
 .travis.yml                                   | 28 +++++++++++++++++++
 .../.template.config/template.json            |  8 ++++++
 .../content/Aurelia-CSharp/app.config         |  6 ++++
 .../.template.config/template.json            |  8 ++++++
 .../content/Knockout-CSharp/app.config        |  6 ++++
 .../Vue-CSharp/.template.config/template.json |  8 ++++++
 .../content/Vue-CSharp/app.config             |  6 ++++
 .../EmptyWeb-FSharp.fsproj.in                 |  6 +++-
 .../.template.config/template.json            |  6 ++++
 .../content/EmptyWeb-CSharp/app.config        |  6 ++++
 .../.template.config/template.json            | 12 ++++++++
 .../content/EmptyWeb-FSharp/app.config        |  6 ++++
 .../.template.config/template.json            |  6 ++++
 .../content/RazorPagesWeb-CSharp/app.config   |  6 ++++
 .../.template.config/template.json            |  6 ++++
 .../content/StarterWeb-CSharp/app.config      |  6 ++++
 .../.template.config/template.json            | 12 ++++++++
 .../content/StarterWeb-FSharp/app.config      |  6 ++++
 .../.template.config/template.json            |  6 ++++
 .../content/WebApi-CSharp/app.config          |  6 ++++
 .../.template.config/template.json            | 12 ++++++++
 .../content/WebApi-FSharp/app.config          |  6 ++++
 .../.template.config/template.json            |  8 ++++++
 .../content/Angular-CSharp/app.config         |  6 ++++
 .../.template.config/template.json            |  8 ++++++
 .../content/React-CSharp/app.config           |  6 ++++
 .../.template.config/template.json            |  8 ++++++
 .../content/ReactRedux-CSharp/app.config      |  6 ++++
 test/Templates.Test/EmptyWebTemplateTest.cs   |  3 +-
 test/Templates.Test/MvcTemplateTest.cs        |  6 ++--
 test/Templates.Test/RazorPagesTemplateTest.cs |  6 ++--
 test/Templates.Test/SpaTemplateTest.cs        |  3 +-
 test/Templates.Test/WebApiTemplateTest.cs     |  3 +-
 34 files changed, 235 insertions(+), 9 deletions(-)
 create mode 100644 .travis.yml
 create mode 100644 src/Microsoft.AspNetCore.SpaTemplates/content/Aurelia-CSharp/app.config
 create mode 100644 src/Microsoft.AspNetCore.SpaTemplates/content/Knockout-CSharp/app.config
 create mode 100644 src/Microsoft.AspNetCore.SpaTemplates/content/Vue-CSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-CSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-FSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-FSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-CSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-FSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/Angular-CSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/React-CSharp/app.config
 create mode 100644 src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/app.config

diff --git a/.appveyor.yml b/.appveyor.yml
index dd76f2f348..ec07dbe296 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -8,9 +8,10 @@ branches:
     - release
     - dev
     - /^rel\/.*/
+    - /^release\/.*/
     - /^(.*\/)?ci-.*$/
 build_script:
-  - ps: .\build.ps1
+  - ps: .\build.cmd
 clone_depth: 1
 environment:
   global:
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000000..b469a7b0d4
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,28 @@
+language: csharp
+sudo: required
+dist: trusty
+env:
+  global:
+    - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+    - DOTNET_CLI_TELEMETRY_OPTOUT: 1
+addons:
+  apt:
+    packages:
+      - libunwind8
+mono: none
+os:
+  - linux
+  - osx
+osx_image: xcode8.2
+branches:
+  only:
+    - master
+    - release
+    - dev
+    - /^rel\/.*$/
+    - /^release\/.*$/
+    - /^(.*\/)?ci-.*$/
+before_install:
+  - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; fi
+script:
+  - ./build.sh
diff --git a/src/Microsoft.AspNetCore.SpaTemplates/content/Aurelia-CSharp/.template.config/template.json b/src/Microsoft.AspNetCore.SpaTemplates/content/Aurelia-CSharp/.template.config/template.json
index d6f128e26a..485b16c055 100644
--- a/src/Microsoft.AspNetCore.SpaTemplates/content/Aurelia-CSharp/.template.config/template.json
+++ b/src/Microsoft.AspNetCore.SpaTemplates/content/Aurelia-CSharp/.template.config/template.json
@@ -22,6 +22,14 @@
       "target": "./",
       "exclude": [
         ".template.config/**"
+      ],
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }
       ]
     }
   ],
diff --git a/src/Microsoft.AspNetCore.SpaTemplates/content/Aurelia-CSharp/app.config b/src/Microsoft.AspNetCore.SpaTemplates/content/Aurelia-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.AspNetCore.SpaTemplates/content/Aurelia-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.SpaTemplates/content/Knockout-CSharp/.template.config/template.json b/src/Microsoft.AspNetCore.SpaTemplates/content/Knockout-CSharp/.template.config/template.json
index ef80d53bf9..c1b6522b39 100644
--- a/src/Microsoft.AspNetCore.SpaTemplates/content/Knockout-CSharp/.template.config/template.json
+++ b/src/Microsoft.AspNetCore.SpaTemplates/content/Knockout-CSharp/.template.config/template.json
@@ -22,6 +22,14 @@
       "target": "./",
       "exclude": [
         ".template.config/**"
+      ],
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }
       ]
     }
   ],
diff --git a/src/Microsoft.AspNetCore.SpaTemplates/content/Knockout-CSharp/app.config b/src/Microsoft.AspNetCore.SpaTemplates/content/Knockout-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.AspNetCore.SpaTemplates/content/Knockout-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.SpaTemplates/content/Vue-CSharp/.template.config/template.json b/src/Microsoft.AspNetCore.SpaTemplates/content/Vue-CSharp/.template.config/template.json
index 727ae230f8..4c8f666b99 100644
--- a/src/Microsoft.AspNetCore.SpaTemplates/content/Vue-CSharp/.template.config/template.json
+++ b/src/Microsoft.AspNetCore.SpaTemplates/content/Vue-CSharp/.template.config/template.json
@@ -22,6 +22,14 @@
       "target": "./",
       "exclude": [
         ".template.config/**"
+      ],
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }
       ]
     }
   ],
diff --git a/src/Microsoft.AspNetCore.SpaTemplates/content/Vue-CSharp/app.config b/src/Microsoft.AspNetCore.SpaTemplates/content/Vue-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.AspNetCore.SpaTemplates/content/Vue-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/EmptyWeb-FSharp.fsproj.in b/src/Microsoft.DotNet.Web.ProjectTemplates/EmptyWeb-FSharp.fsproj.in
index c53237d89d..ec5a443a10 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/EmptyWeb-FSharp.fsproj.in
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/EmptyWeb-FSharp.fsproj.in
@@ -10,8 +10,12 @@
     <Compile Include="Program.fs" />
   </ItemGroup>
 
-  <ItemGroup>
+  <ItemGroup Condition="'$(TargetFrameworkOverride)' == ''">
     <PackageReference Include="Microsoft.AspNetCore.All" Version="${MicrosoftAspNetCoreAllPackageVersion}" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFrameworkOverride)' != ''">
+    <PackageReference Include="Microsoft.AspNetCore" Version="${MicrosoftAspNetCorePackageVersion}" />
+  </ItemGroup>
+
 </Project>
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-CSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-CSharp/.template.config/template.json
index 8440e08c61..bf1333dc1c 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-CSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-CSharp/.template.config/template.json
@@ -25,6 +25,12 @@
   "sources": [
     {
       "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        },
         {
           "condition": "(!IncludeLaunchSettings)",
           "exclude": [
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-CSharp/app.config b/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-FSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-FSharp/.template.config/template.json
index 7acb09bccf..49ccf0ac09 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-FSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-FSharp/.template.config/template.json
@@ -18,6 +18,18 @@
   },
   "sourceName": "Company.WebApplication1",
   "preferNameDirectory": true,
+  "sources": [
+    {
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }
+      ]
+    }
+  ],
   "symbols": {
     "TargetFrameworkOverride": {
       "type": "parameter",
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-FSharp/app.config b/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-FSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/EmptyWeb-FSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/.template.config/template.json
index 23f2da2c2b..39c1839b22 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/.template.config/template.json
@@ -27,6 +27,12 @@
   "sources": [
     {
       "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        },
         {
           "condition": "(!IndividualAuth && !OrganizationalAuth)",
           "exclude": [
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/app.config b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/RazorPagesWeb-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/.template.config/template.json
index 1b39b165d6..98935e27a9 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/.template.config/template.json
@@ -26,6 +26,12 @@
   "sources": [
     {
       "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        },
         {
           "condition": "(!IndividualAuth && !OrganizationalAuth)",
           "exclude": [
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/app.config b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-FSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-FSharp/.template.config/template.json
index ea0c822105..a9b0b4a397 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-FSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-FSharp/.template.config/template.json
@@ -19,6 +19,18 @@
   },
   "sourceName": "Company.WebApplication1",
   "preferNameDirectory": true,
+  "sources": [
+    {
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }
+      ]
+    }
+  ],
   "symbols": {
     "TargetFrameworkOverride": {
       "type": "parameter",
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-FSharp/app.config b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-FSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-FSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-CSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-CSharp/.template.config/template.json
index becd788417..31c858810e 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-CSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-CSharp/.template.config/template.json
@@ -26,6 +26,12 @@
   "sources": [
     {
       "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        },
         {
           "condition": "(windir == 'C:\\Windows')",
           "exclude": [
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-CSharp/app.config b/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-FSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-FSharp/.template.config/template.json
index 61f05b5f09..d19fb0dda1 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-FSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-FSharp/.template.config/template.json
@@ -18,6 +18,18 @@
   },
   "sourceName": "Company.WebApplication1",
   "preferNameDirectory": true,
+  "sources": [
+    {
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }
+      ]
+    }
+  ],
   "symbols": {
     "TargetFrameworkOverride": {
       "type": "parameter",
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-FSharp/app.config b/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-FSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates/content/WebApi-FSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/Angular-CSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/Angular-CSharp/.template.config/template.json
index e6e58992d0..0db9a9082d 100644
--- a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/Angular-CSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/Angular-CSharp/.template.config/template.json
@@ -22,6 +22,14 @@
       "target": "./",
       "exclude": [
         ".template.config/**"
+      ],
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }     
       ]
     }
   ],
diff --git a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/Angular-CSharp/app.config b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/Angular-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/Angular-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/React-CSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/React-CSharp/.template.config/template.json
index a62f9300d3..4ccba5cb5e 100644
--- a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/React-CSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/React-CSharp/.template.config/template.json
@@ -22,6 +22,14 @@
       "target": "./",
       "exclude": [
         ".template.config/**"
+      ],
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }
       ]
     }
   ],
diff --git a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/React-CSharp/app.config b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/React-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/React-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/.template.config/template.json b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/.template.config/template.json
index 38418e8db8..93a30a1fbe 100644
--- a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/.template.config/template.json
+++ b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/.template.config/template.json
@@ -22,6 +22,14 @@
       "target": "./",
       "exclude": [
         ".template.config/**"
+      ],
+      "modifiers": [
+        {
+          "condition": "(TargetFrameworkOverride == '')",
+          "exclude": [
+            "app.config"
+          ]
+        }
       ]
     }
   ],
diff --git a/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/app.config b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/app.config
new file mode 100644
index 0000000000..a6ad828311
--- /dev/null
+++ b/src/Microsoft.DotNet.Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/app.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <runtime>
+    <gcServer enabled="true"/>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/test/Templates.Test/EmptyWebTemplateTest.cs b/test/Templates.Test/EmptyWebTemplateTest.cs
index 33f63f5eca..08873b6362 100644
--- a/test/Templates.Test/EmptyWebTemplateTest.cs
+++ b/test/Templates.Test/EmptyWebTemplateTest.cs
@@ -14,7 +14,8 @@ namespace Templates.Test
         }
 
         [ConditionalFact]
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.MacOSX)]
         public void EmptyWebTemplate_Works_NetFramework()
             => EmptyWebTemplateImpl("net461");
 
diff --git a/test/Templates.Test/MvcTemplateTest.cs b/test/Templates.Test/MvcTemplateTest.cs
index 463b6b78e7..1c61dbf33a 100644
--- a/test/Templates.Test/MvcTemplateTest.cs
+++ b/test/Templates.Test/MvcTemplateTest.cs
@@ -14,7 +14,8 @@ namespace Templates.Test
         }
 
         [ConditionalTheory]
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.MacOSX)]
         [InlineData(null)]
         [InlineData("F#")]
         public void MvcTemplate_NoAuth_Works_NetFramework(string languageOverride)
@@ -55,7 +56,8 @@ namespace Templates.Test
         }
 
         [ConditionalFact]
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.MacOSX)]
         public void MvcTemplate_IndividualAuth_Works_NetFramework()
             => MvcTemplate_IndividualAuthImpl("net461");
 
diff --git a/test/Templates.Test/RazorPagesTemplateTest.cs b/test/Templates.Test/RazorPagesTemplateTest.cs
index 7d7ef64873..a610a6d3d9 100644
--- a/test/Templates.Test/RazorPagesTemplateTest.cs
+++ b/test/Templates.Test/RazorPagesTemplateTest.cs
@@ -14,7 +14,8 @@ namespace Templates.Test
         }
 
         [ConditionalFact]
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.MacOSX)]
         public void RazorPagesTemplate_NoAuth_Works_NetFramework()
             => RazorPagesTemplate_NoAuthImpl("net461");
 
@@ -48,7 +49,8 @@ namespace Templates.Test
         }
 
         [ConditionalFact]
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.MacOSX)]
         public void RazorPagesTemplate_IndividualAuth_Works_NetFramework()
             => RazorPagesTemplate_IndividualAuthImpl("net461");
 
diff --git a/test/Templates.Test/SpaTemplateTest.cs b/test/Templates.Test/SpaTemplateTest.cs
index 44efcf9423..0af63f0255 100644
--- a/test/Templates.Test/SpaTemplateTest.cs
+++ b/test/Templates.Test/SpaTemplateTest.cs
@@ -16,7 +16,8 @@ namespace Templates.Test
         }
 
         [ConditionalTheory]
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.MacOSX)]
         // Just use 'angular' as representative for .NET 4.6.1 coverage, as
         // the client-side code isn't affected by the .NET runtime choice
         [InlineData("angular")]
diff --git a/test/Templates.Test/WebApiTemplateTest.cs b/test/Templates.Test/WebApiTemplateTest.cs
index 75d18ba780..b686fc718c 100644
--- a/test/Templates.Test/WebApiTemplateTest.cs
+++ b/test/Templates.Test/WebApiTemplateTest.cs
@@ -14,7 +14,8 @@ namespace Templates.Test
         }
 
         [ConditionalFact]
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.MacOSX)]
         public void WebApiTemplate_Works_NetFramework()
             => WebApiTemplateImpl("net461");