diff --git a/src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerMiddleware.cs b/src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerMiddleware.cs
index bcc13952f0..f6140393cc 100644
--- a/src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerMiddleware.cs
+++ b/src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerMiddleware.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Globalization;
-using System.Security.Cryptography.X509Certificates;
 using System.Security.Principal;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
@@ -20,7 +19,8 @@ namespace Microsoft.AspNet.IISPlatformHandler
 {
     public class IISPlatformHandlerMiddleware
     {
-        private const string XIISWindowsAuthToken = "X-IIS-WindowsAuthToken";
+        private const string XIISWindowsAuthToken = "X-IIS-WindowsAuthToken"; // TODO: Legacy, remove before RTW
+        private const string MSPlatformHandlerWinAuthToken = "MS-PLATFORM-HANDLER-WINAUTHTOKEN";
         private const string MSPlatformHandlerClientCert = "MS-PLATFORM-HANDLER-CLIENTCERT";
 
         private readonly RequestDelegate _next;
@@ -49,7 +49,7 @@ namespace Microsoft.AspNet.IISPlatformHandler
 
         public async Task Invoke(HttpContext httpContext)
         {
-            if (_options.FlowClientCertificate)
+            if (_options.ForwardClientCertificate)
             {
                 var header = httpContext.Request.Headers[MSPlatformHandlerClientCert];
                 if (!StringValues.IsNullOrEmpty(header))
@@ -58,7 +58,7 @@ namespace Microsoft.AspNet.IISPlatformHandler
                 }
             }
 
-            if (_options.FlowWindowsAuthentication)
+            if (_options.ForwardWindowsAuthentication)
             {
                 var winPrincipal = UpdateUser(httpContext);
                 var handler = new AuthenticationHandler(httpContext, _options, winPrincipal);
@@ -80,11 +80,18 @@ namespace Microsoft.AspNet.IISPlatformHandler
 
         private WindowsPrincipal UpdateUser(HttpContext httpContext)
         {
-            var xIISWindowsAuthToken = httpContext.Request.Headers[XIISWindowsAuthToken];
+            var tokenHeader = httpContext.Request.Headers[MSPlatformHandlerWinAuthToken];
+
+            if (StringValues.IsNullOrEmpty(tokenHeader))
+            {
+                // TODO: Legacy, remove before RTW
+                tokenHeader = httpContext.Request.Headers[XIISWindowsAuthToken];
+            }
+
             int hexHandle;
             WindowsPrincipal winPrincipal = null;
-            if (!StringValues.IsNullOrEmpty(xIISWindowsAuthToken)
-                && int.TryParse(xIISWindowsAuthToken, NumberStyles.HexNumber, CultureInfo.InvariantCulture, out hexHandle))
+            if (!StringValues.IsNullOrEmpty(tokenHeader)
+                && int.TryParse(tokenHeader, NumberStyles.HexNumber, CultureInfo.InvariantCulture, out hexHandle))
             {
                 // Always create the identity if the handle exists, we need to dispose it so it does not leak.
                 var handle = new IntPtr(hexHandle);
diff --git a/src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerOptions.cs b/src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerOptions.cs
index 7244a834f9..6a309e91f4 100644
--- a/src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerOptions.cs
+++ b/src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerOptions.cs
@@ -20,12 +20,12 @@ namespace Microsoft.AspNet.Builder
         /// If true authentication middleware will try to authenticate using platform handler windows authentication
         /// If false authentication middleware won't be added
         /// </summary>
-        public bool FlowWindowsAuthentication { get; set; } = true;
+        public bool ForwardWindowsAuthentication { get; set; } = true;
 
         /// <summary>
         /// Populates the ITLSConnectionFeature if the MS-PLATFORM-HANDLER-CLIENTCERT request header is present.
         /// </summary>
-        public bool FlowClientCertificate { get; set; } = true;
+        public bool ForwardClientCertificate { get; set; } = true;
 
         /// <summary>
         /// Additional information about the authentication type which is made available to the application.
diff --git a/test/Microsoft.AspNet.IISPlatformHandler.Tests/HttpPlatformHandlerMiddlewareTests.cs b/test/Microsoft.AspNet.IISPlatformHandler.Tests/HttpPlatformHandlerMiddlewareTests.cs
index 9ae4ce94ec..309678b65f 100644
--- a/test/Microsoft.AspNet.IISPlatformHandler.Tests/HttpPlatformHandlerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.IISPlatformHandler.Tests/HttpPlatformHandlerMiddlewareTests.cs
@@ -49,7 +49,7 @@ namespace Microsoft.AspNet.IISPlatformHandler
                 {
                     app.UseIISPlatformHandler(new IISPlatformHandlerOptions
                     {
-                        FlowWindowsAuthentication = false
+                        ForwardWindowsAuthentication = false
                     });
                     app.Run(context =>
                     {