From 7229c6086603d424ce14a3870d654228128ac6c6 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 28 Jun 2018 16:48:58 -0700
Subject: [PATCH 01/30] Bumping version from 2.2.0 to 3.0.0

---
 version.props | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/version.props b/version.props
index 44985cedb3..71a78cddd8 100644
--- a/version.props
+++ b/version.props
@@ -1,7 +1,7 @@
-<Project>
+<Project>
   <PropertyGroup>
-    <VersionPrefix>2.2.0</VersionPrefix>
-    <VersionSuffix>preview1</VersionSuffix>
+    <VersionPrefix>3.0.0</VersionPrefix>
+    <VersionSuffix>alpha1</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
     <BuildNumber Condition="'$(BuildNumber)' == ''">t000</BuildNumber>

From 238f461488746608108d2358a2a3ad3a1117ee9f Mon Sep 17 00:00:00 2001
From: "Nate McMaster (automated)" <nate.mcmaster@microsoft.com>
Date: Mon, 2 Jul 2018 12:40:35 -0700
Subject: [PATCH 02/30] [automated] Change default branch to master

---
 .appveyor.yml                          | 2 +-
 .travis.yml                            | 2 +-
 .vsts-pipelines/builds/ci-internal.yml | 4 ++--
 .vsts-pipelines/builds/ci-public.yml   | 6 +++---
 korebuild.json                         | 4 ++--
 run.ps1                                | 6 +++---
 run.sh                                 | 2 +-
 7 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.appveyor.yml b/.appveyor.yml
index 4eea96ab69..d45bd5a1f8 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -2,7 +2,7 @@ init:
 - git config --global core.autocrlf true
 branches:
   only:
-  - dev
+  - master
   - /^release\/.*$/
   - /^(.*\/)?ci-.*$/
 build_script:
diff --git a/.travis.yml b/.travis.yml
index 64bdbb4441..ab3980055c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,7 +16,7 @@ addons:
     - libunwind8
 branches:
   only:
-  - dev
+  - master
   - /^release\/.*$/
   - /^(.*\/)?ci-.*$/
 before_install:
diff --git a/.vsts-pipelines/builds/ci-internal.yml b/.vsts-pipelines/builds/ci-internal.yml
index d7ceb76378..c2c5336fd0 100644
--- a/.vsts-pipelines/builds/ci-internal.yml
+++ b/.vsts-pipelines/builds/ci-internal.yml
@@ -1,5 +1,5 @@
 trigger:
-- dev
+- master
 - release/*
 
 resources:
@@ -7,7 +7,7 @@ resources:
   - repository: buildtools
     type: git
     name: aspnet-BuildTools
-    ref: refs/heads/dev
+    ref: refs/heads/master
 
 phases:
 - template: .vsts-pipelines/templates/project-ci.yml@buildtools
diff --git a/.vsts-pipelines/builds/ci-public.yml b/.vsts-pipelines/builds/ci-public.yml
index b7f25723f8..507c89b025 100644
--- a/.vsts-pipelines/builds/ci-public.yml
+++ b/.vsts-pipelines/builds/ci-public.yml
@@ -1,5 +1,5 @@
 trigger:
-- dev
+- master
 - release/*
 
 # See https://github.com/aspnet/BuildTools
@@ -9,7 +9,7 @@ resources:
     type: github
     endpoint: DotNet-Bot GitHub Connection
     name: aspnet/BuildTools
-    ref: refs/heads/dev
-    
+    ref: refs/heads/master
+
 phases:
 - template: .vsts-pipelines/templates/project-ci.yml@buildtools
diff --git a/korebuild.json b/korebuild.json
index bd5d51a51b..8a276a7f35 100644
--- a/korebuild.json
+++ b/korebuild.json
@@ -1,4 +1,4 @@
 {
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
-  "channel": "dev"
+  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/master/tools/korebuild.schema.json",
+  "channel": "master"
 }
diff --git a/run.ps1 b/run.ps1
index 3b27382468..34604c7175 100644
--- a/run.ps1
+++ b/run.ps1
@@ -52,8 +52,8 @@ in the file are overridden by command line parameters.
 Example config file:
 ```json
 {
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
-  "channel": "dev",
+  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/master/tools/korebuild.schema.json",
+  "channel": "master",
   "toolsSource": "https://aspnetcore.blob.core.windows.net/buildtools"
 }
 ```
@@ -192,7 +192,7 @@ if (!$DotNetHome) {
         else { Join-Path $PSScriptRoot '.dotnet'}
 }
 
-if (!$Channel) { $Channel = 'dev' }
+if (!$Channel) { $Channel = 'master' }
 if (!$ToolsSource) { $ToolsSource = 'https://aspnetcore.blob.core.windows.net/buildtools' }
 
 # Execute
diff --git a/run.sh b/run.sh
index 02aac15874..61f7a53385 100755
--- a/run.sh
+++ b/run.sh
@@ -248,7 +248,7 @@ if [ -f "$config_file" ]; then
     [ ! -z "${config_tools_source:-}" ] && tools_source="$config_tools_source"
 fi
 
-[ -z "$channel" ] && channel='dev'
+[ -z "$channel" ] && channel='master'
 [ -z "$tools_source" ] && tools_source='https://aspnetcore.blob.core.windows.net/buildtools'
 
 get_korebuild

From d0d72782745edc41c79c501ff2210058a4eadb46 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Tue, 3 Jul 2018 16:27:20 +0000
Subject: [PATCH 03/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index db9d0bec13..5b20d12ffa 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.2.0-preview1-17090</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.2.0-preview1-34530</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.2.0-preview1-34530</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10000</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index a8109db529..f0b76184fd 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.2.0-preview1-17090
-commithash:b19e903e946579cd9482089bce7d917e8bacd765
+version:3.0.0-alpha1-10000
+commithash:b7b88d08d55abc8b71de9abf16e26fc713e332cd

From 36276e737842267ebb88a2cacb7c6223e117da6d Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 8 Jul 2018 20:09:29 +0000
Subject: [PATCH 04/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 5b20d12ffa..f013f62a6b 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10000</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10016</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10016</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10005</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
@@ -45,7 +45,7 @@
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
-    <XunitRunnerVisualStudioPackageVersion>2.4.0-beta.1.build3945</XunitRunnerVisualStudioPackageVersion>
+    <XunitRunnerVisualStudioPackageVersion>2.4.0-rc.1.build4038</XunitRunnerVisualStudioPackageVersion>
   </PropertyGroup>
   <Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
 </Project>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index f0b76184fd..f357ac9f7d 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-10000
-commithash:b7b88d08d55abc8b71de9abf16e26fc713e332cd
+version:3.0.0-alpha1-10005
+commithash:05570853de976a526462ca140a55b1ac59d9a351

From f948c0020b501defbb6b0015b437562f114a74f9 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 15 Jul 2018 20:11:51 +0000
Subject: [PATCH 05/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 60 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index f013f62a6b..d4a38538fe 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,38 +3,38 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10005</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10044</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10044</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10009</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
-    <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp20PackageVersion>2.0.9</MicrosoftNETCoreApp20PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.2</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETCoreApp22PackageVersion>2.2.0-preview1-26618-02</MicrosoftNETCoreApp22PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
@@ -43,7 +43,7 @@
     <NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
     <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
-    <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
+    <XunitAnalyzersPackageVersion>0.9.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
     <XunitRunnerVisualStudioPackageVersion>2.4.0-rc.1.build4038</XunitRunnerVisualStudioPackageVersion>
   </PropertyGroup>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index f357ac9f7d..4db537685b 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-10005
-commithash:05570853de976a526462ca140a55b1ac59d9a351
+version:3.0.0-alpha1-10009
+commithash:86be4707e47d2f1930a982f2b59eacfc4196da33

From 48b8fc7c02ada57c9d6293142b9ada4ac07ad8be Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 22 Jul 2018 13:14:06 -0700
Subject: [PATCH 06/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index d4a38538fe..efaeec400e 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10009</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10081</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10081</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10011</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 4db537685b..9a67ee9c28 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-10009
-commithash:86be4707e47d2f1930a982f2b59eacfc4196da33
+version:3.0.0-alpha1-10011
+commithash:717c2eb1f91dafd2580c1a9b8e5064d12dd8c054

From 3b554fd9b2dc078ed0c47e62f8b93a3c3d2d314c Mon Sep 17 00:00:00 2001
From: Eilon Lipton <Eilon@users.noreply.github.com>
Date: Tue, 24 Jul 2018 10:57:22 -0700
Subject: [PATCH 07/30] Update CONTRIBUTING.md

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 64ff041d5c..eac4268e4c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
 Contributing
 ======
 
-Information on contributing to this repo is in the [Contributing Guide](https://github.com/aspnet/Home/blob/dev/CONTRIBUTING.md) in the Home repo.
+Information on contributing to this repo is in the [Contributing Guide](https://github.com/aspnet/Home/blob/master/CONTRIBUTING.md) in the Home repo.

From 899a3a2e88d14124fe4155aaeab7c174197c1655 Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Thu, 26 Jul 2018 14:50:52 -0700
Subject: [PATCH 08/30] Refactor common tests

---
 .../CookieTests.cs                            | 428 +--------------
 .../FacebookTests.cs                          | 493 +----------------
 .../GoogleTests.cs                            | 451 +---------------
 .../JwtBearerTests.cs                         | 434 +--------------
 .../MicrosoftAccountTests.cs                  | 451 +---------------
 .../OAuthTests.cs                             | 441 +--------------
 .../RemoteAuthenticationTests.cs              |  92 ++++
 .../SharedAuthenticationTests.cs              | 510 ++++++++++++++++++
 .../TwitterTests.cs                           | 445 +--------------
 9 files changed, 737 insertions(+), 3008 deletions(-)
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 766d1e2e53..107fc5db1e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -10,7 +10,6 @@ using System.Security.Principal;
 using System.Text;
 using System.Threading.Tasks;
 using System.Xml.Linq;
-using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -22,431 +21,16 @@ using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
-    public class CookieTests
+    public class CookieTests : SharedAuthenticationTests<CookieAuthenticationOptions>
     {
         private TestClock _clock = new TestClock();
 
-        [Fact]
-        public async Task CanForwardDefault()
+        protected override string DefaultScheme => CookieAuthenticationDefaults.AuthenticationScheme;
+        protected override Type HandlerType => typeof(CookieAuthenticationHandler);
+
+        protected override void RegisterAuth(AuthenticationBuilder services, Action<CookieAuthenticationOptions> configure)
         {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("auth1", "auth1");
-            })
-            .AddCookie(o => o.ForwardDefault = "auth1");
-
-            var forwardDefault = new TestHandler();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await context.SignOutAsync();
-            Assert.Equal(1, forwardDefault.SignOutCount);
-
-            await context.SignInAsync(new ClaimsPrincipal());
-            Assert.Equal(1, forwardDefault.SignInCount);
-        }
-
-        [Fact]
-        public async Task ForwardSignInWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddCookie(o =>
-            {
-                o.ForwardDefault = "auth1";
-                o.ForwardSignIn = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.SignInAsync(new ClaimsPrincipal());
-            Assert.Equal(1, specific.SignInCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignOutCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardSignOutWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddCookie(o =>
-            {
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.SignOutAsync();
-            Assert.Equal(1, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardForbidWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddCookie(o =>
-            {
-                o.ForwardDefault = "auth1";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ForbidAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(1, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardAuthenticateWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddCookie(o =>
-            {
-                o.ForwardDefault = "auth1";
-                o.ForwardAuthenticate = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(1, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardChallengeWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("specific", "specific");
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-            })
-            .AddCookie(o =>
-            {
-                o.ForwardDefault = "auth1";
-                o.ForwardChallenge = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ChallengeAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(1, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardSelectorWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddCookie(o =>
-            {
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, selector.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, selector.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, selector.ChallengeCount);
-
-            await context.SignOutAsync();
-            Assert.Equal(1, selector.SignOutCount);
-
-            await context.SignInAsync(new ClaimsPrincipal());
-            Assert.Equal(1, selector.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task NullForwardSelectorUsesDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddCookie(o =>
-            {
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => null;
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await context.SignOutAsync();
-            Assert.Equal(1, forwardDefault.SignOutCount);
-
-            await context.SignInAsync(new ClaimsPrincipal());
-            Assert.Equal(1, forwardDefault.SignInCount);
-
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task SpecificForwardWinsOverSelectorAndDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddCookie(o =>
-            {
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-                o.ForwardAuthenticate = "specific";
-                o.ForwardChallenge = "specific";
-                o.ForwardSignIn = "specific";
-                o.ForwardSignOut = "specific";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, specific.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, specific.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, specific.ChallengeCount);
-
-            await context.SignOutAsync();
-            Assert.Equal(1, specific.SignOutCount);
-
-            await context.SignInAsync(new ClaimsPrincipal());
-            Assert.Equal(1, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-        }
-
-        [Fact]
-        public async Task VerifySchemeDefaults()
-        {
-            var services = new ServiceCollection();
-            services.AddAuthentication().AddCookie();
-            var sp = services.BuildServiceProvider();
-            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-            var scheme = await schemeProvider.GetSchemeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-            Assert.NotNull(scheme);
-            Assert.Equal("CookieAuthenticationHandler", scheme.HandlerType.Name);
-            Assert.Null(scheme.DisplayName);
+            services.AddCookie(configure);
         }
 
         [Fact]
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index b909be9fdc..6802c60e70 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -1,17 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Text;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -20,478 +11,40 @@ using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Newtonsoft.Json;
+using System;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Facebook
 {
-    public class FacebookTests
+    public class FacebookTests : RemoteAuthenticationTests<FacebookOptions>
     {
-        private void ConfigureDefaults(FacebookOptions o)
+        protected override string DefaultScheme => FacebookDefaults.AuthenticationScheme;
+        protected override Type HandlerType => typeof(FacebookHandler);
+        protected override bool SupportsSignIn { get => false; }
+        protected override bool SupportsSignOut { get => false; }
+
+        protected override void RegisterAuth(AuthenticationBuilder services, Action<FacebookOptions> configure)
+        {
+            services.AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                configure.Invoke(o);
+            });
+        }
+ 
+        protected override void ConfigureDefaults(FacebookOptions o)
         {
             o.AppId = "whatever";
             o.AppSecret = "whatever";
             o.SignInScheme = "auth1";
         }
 
-        [Fact]
-        public async Task CanForwardDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("auth1", "auth1");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-            });
-
-            var forwardDefault = new TestHandler();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignInThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignOutThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-        }
-
-        [Fact]
-        public async Task ForwardForbidWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ForbidAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(1, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardAuthenticateWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardAuthenticate = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(1, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardChallengeWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("specific", "specific");
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardChallenge = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ChallengeAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(1, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardSelectorWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, selector.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, selector.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, selector.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task NullForwardSelectorUsesDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => null;
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task SpecificForwardWinsOverSelectorAndDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddFacebook(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-                o.ForwardAuthenticate = "specific";
-                o.ForwardChallenge = "specific";
-                o.ForwardSignIn = "specific";
-                o.ForwardSignOut = "specific";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, specific.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, specific.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, specific.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-        }
-
-        [Fact]
-        public async Task VerifySignInSchemeCannotBeSetToSelf()
-        {
-            var server = CreateServer(
-                app => { },
-                services => services.AddAuthentication().AddFacebook(o =>
-                {
-                    o.AppId = "whatever";
-                    o.AppSecret = "whatever";
-                    o.SignInScheme = FacebookDefaults.AuthenticationScheme;
-                }),
-                async context =>
-                {
-                    await context.ChallengeAsync("Facebook");
-                    return true;
-                });
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
-            Assert.Contains("cannot be set to itself", error.Message);
-        }
-
-        [Fact]
-        public async Task VerifySignInSchemeCannotBeSetToSelfUsingDefaultScheme()
-        {
-            var server = CreateServer(
-                app => { },
-                services => services.AddAuthentication(o => o.DefaultScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(o =>
-                {
-                    o.AppId = "whatever";
-                    o.AppSecret = "whatever";
-                }),
-                async context =>
-                {
-                    await context.ChallengeAsync("Facebook");
-                    return true;
-                });
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
-            Assert.Contains("cannot be set to itself", error.Message);
-        }
-
-        [Fact]
-        public async Task VerifySignInSchemeCannotBeSetToSelfUsingDefaultSignInScheme()
-        {
-            var server = CreateServer(
-                app => { },
-                services => services.AddAuthentication(o => o.DefaultSignInScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(o =>
-                {
-                    o.AppId = "whatever";
-                    o.AppSecret = "whatever";
-                }),
-                async context =>
-                {
-                    await context.ChallengeAsync("Facebook");
-                    return true;
-                });
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
-            Assert.Contains("cannot be set to itself", error.Message);
-        }
-
-        [Fact]
-        public async Task VerifySchemeDefaults()
-        {
-            var services = new ServiceCollection();
-            services.AddAuthentication().AddFacebook();
-            var sp = services.BuildServiceProvider();
-            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-            var scheme = await schemeProvider.GetSchemeAsync(FacebookDefaults.AuthenticationScheme);
-            Assert.NotNull(scheme);
-            Assert.Equal("FacebookHandler", scheme.HandlerType.Name);
-            Assert.Equal(FacebookDefaults.AuthenticationScheme, scheme.DisplayName);
-        }
-
         [Fact]
         public async Task ThrowsIfAppIdMissing()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 511a658ff4..19d7d898b7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -1,16 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Text;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -20,433 +10,42 @@ using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Google
 {
-    public class GoogleTests
+    public class GoogleTests : RemoteAuthenticationTests<GoogleOptions>
     {
-        private void ConfigureDefaults(GoogleOptions o)
+        protected override string DefaultScheme => GoogleDefaults.AuthenticationScheme;
+        protected override Type HandlerType => typeof(GoogleHandler);
+        protected override bool SupportsSignIn { get => false; }
+        protected override bool SupportsSignOut { get => false; }
+
+        protected override void RegisterAuth(AuthenticationBuilder services, Action<GoogleOptions> configure)
+        {
+            services.AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                configure.Invoke(o);
+            });
+        }
+
+        protected override void ConfigureDefaults(GoogleOptions o)
         {
             o.ClientId = "whatever";
             o.ClientSecret = "whatever";
             o.SignInScheme = "auth1";
         }
 
-        [Fact]
-        public async Task CanForwardDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("auth1", "auth1");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-            });
-
-            var forwardDefault = new TestHandler();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignInThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignOutThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-        }
-
-        [Fact]
-        public async Task ForwardForbidWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ForbidAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(1, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardAuthenticateWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardAuthenticate = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(1, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardChallengeWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("specific", "specific");
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardChallenge = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ChallengeAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(1, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardSelectorWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, selector.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, selector.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, selector.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task NullForwardSelectorUsesDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => null;
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task SpecificForwardWinsOverSelectorAndDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddGoogle(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-                o.ForwardAuthenticate = "specific";
-                o.ForwardChallenge = "specific";
-                o.ForwardSignIn = "specific";
-                o.ForwardSignOut = "specific";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, specific.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, specific.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, specific.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-        }
-
-        [Fact]
-        public async Task VerifySignInSchemeCannotBeSetToSelf()
-        {
-            var server = CreateServer(o =>
-            {
-                o.ClientId = "Test Id";
-                o.ClientSecret = "Test Secret";
-                o.SignInScheme = GoogleDefaults.AuthenticationScheme;
-            });
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
-            Assert.Contains("cannot be set to itself", error.Message);
-        }
-
-        [Fact]
-        public async Task VerifySchemeDefaults()
-        {
-            var services = new ServiceCollection();
-            services.AddAuthentication().AddGoogle();
-            var sp = services.BuildServiceProvider();
-            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-            var scheme = await schemeProvider.GetSchemeAsync(GoogleDefaults.AuthenticationScheme);
-            Assert.NotNull(scheme);
-            Assert.Equal("GoogleHandler", scheme.HandlerType.Name);
-            Assert.Equal(GoogleDefaults.AuthenticationScheme, scheme.DisplayName);
-        }
-
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index d7fcdb4cad..ad77803cde 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -1,6 +1,12 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
 using System;
 using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
@@ -11,428 +17,30 @@ using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
 using System.Xml.Linq;
-using Microsoft.AspNetCore.Authentication.Tests;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.TestHost;
-using Microsoft.AspNetCore.Testing.xunit;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.IdentityModel.Tokens;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    public class JwtBearerTests
+    public class JwtBearerTests : SharedAuthenticationTests<JwtBearerOptions>
     {
+        protected override string DefaultScheme => JwtBearerDefaults.AuthenticationScheme;
+        protected override Type HandlerType => typeof(JwtBearerHandler);
+        protected override bool SupportsSignIn { get => false; }
+        protected override bool SupportsSignOut { get => false; }
+
+        protected override void RegisterAuth(AuthenticationBuilder services, Action<JwtBearerOptions> configure)
+        {
+            services.AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                configure.Invoke(o);
+            });
+        }
+
         private void ConfigureDefaults(JwtBearerOptions o)
         {
         }
 
-        [Fact]
-        public async Task CanForwardDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("auth1", "auth1");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-            });
-
-            var forwardDefault = new TestHandler();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignInThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignOutThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-        }
-
-        [Fact]
-        public async Task ForwardForbidWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.DefaultSignInScheme = "auth1";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ForbidAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(1, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardAuthenticateWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.DefaultSignInScheme = "auth1";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardAuthenticate = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(1, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardChallengeWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.DefaultSignInScheme = "auth1";
-                o.AddScheme<TestHandler>("specific", "specific");
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardChallenge = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ChallengeAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(1, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardSelectorWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, selector.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, selector.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, selector.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task NullForwardSelectorUsesDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => null;
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task SpecificForwardWinsOverSelectorAndDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddJwtBearer(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-                o.ForwardAuthenticate = "specific";
-                o.ForwardChallenge = "specific";
-                o.ForwardSignIn = "specific";
-                o.ForwardSignOut = "specific";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, specific.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, specific.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, specific.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-        }
-
-        [Fact]
-        public async Task VerifySchemeDefaults()
-        {
-            var services = new ServiceCollection();
-            services.AddAuthentication().AddJwtBearer();
-            var sp = services.BuildServiceProvider();
-            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-            var scheme = await schemeProvider.GetSchemeAsync(JwtBearerDefaults.AuthenticationScheme);
-            Assert.NotNull(scheme);
-            Assert.Equal("JwtBearerHandler", scheme.HandlerType.Name);
-            Assert.Null(scheme.DisplayName);
-        }
-
         [Fact]
         public async Task BearerTokenValidation()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index e2e13f270e..26a5484c83 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -1,14 +1,5 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Text;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
 using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Builder;
@@ -16,438 +7,44 @@ using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
-using Microsoft.Extensions.Options;
 using Newtonsoft.Json;
+using System;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
 {
-    public class MicrosoftAccountTests
+    public class MicrosoftAccountTests : RemoteAuthenticationTests<MicrosoftAccountOptions>
     {
-        private void ConfigureDefaults(MicrosoftAccountOptions o)
+        protected override string DefaultScheme => MicrosoftAccountDefaults.AuthenticationScheme;
+        protected override Type HandlerType => typeof(MicrosoftAccountHandler);
+        protected override bool SupportsSignIn { get => false; }
+        protected override bool SupportsSignOut { get => false; }
+
+        protected override void RegisterAuth(AuthenticationBuilder services, Action<MicrosoftAccountOptions> configure)
+        {
+            services.AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                configure.Invoke(o);
+            });
+        }
+
+        protected override void ConfigureDefaults(MicrosoftAccountOptions o)
         {
             o.ClientId = "whatever";
             o.ClientSecret = "whatever";
             o.SignInScheme = "auth1";
         }
 
-        [Fact]
-        public async Task CanForwardDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("auth1", "auth1");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-            });
-
-            var forwardDefault = new TestHandler();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignInThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignOutThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-        }
-
-        [Fact]
-        public async Task ForwardForbidWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ForbidAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(1, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardAuthenticateWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardAuthenticate = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(1, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardChallengeWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("specific", "specific");
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardChallenge = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ChallengeAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(1, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardSelectorWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, selector.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, selector.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, selector.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task NullForwardSelectorUsesDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => null;
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task SpecificForwardWinsOverSelectorAndDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddMicrosoftAccount(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-                o.ForwardAuthenticate = "specific";
-                o.ForwardChallenge = "specific";
-                o.ForwardSignIn = "specific";
-                o.ForwardSignOut = "specific";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, specific.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, specific.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, specific.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-        }
-
-        [Fact]
-        public async Task VerifySignInSchemeCannotBeSetToSelf()
-        {
-            var server = CreateServer(o =>
-            {
-                o.ClientId = "Test Id";
-                o.ClientSecret = "Test Secret";
-                o.SignInScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-            });
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
-            Assert.Contains("cannot be set to itself", error.Message);
-        }
-
-        [Fact]
-        public async Task VerifySchemeDefaults()
-        {
-            var services = new ServiceCollection();
-            services.AddAuthentication().AddMicrosoftAccount();
-            var sp = services.BuildServiceProvider();
-            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-            var scheme = await schemeProvider.GetSchemeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
-            Assert.NotNull(scheme);
-            Assert.Equal("MicrosoftAccountHandler", scheme.HandlerType.Name);
-            Assert.Equal(MicrosoftAccountDefaults.AuthenticationScheme, scheme.DisplayName);
-        }
-
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 4b822b611f..87131b8d7b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -1,447 +1,34 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
-using System.Net;
-using System.Security.Claims;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Threading.Tasks;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
-    public class OAuthTests
+    public class OAuthTests : RemoteAuthenticationTests<OAuthOptions>
     {
-        [Fact]
-        public async Task CanForwardDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
+        protected override string DefaultScheme => OAuthDefaults.DisplayName;
+        protected override Type HandlerType => typeof(OAuthHandler<OAuthOptions>);
+        protected override bool SupportsSignIn { get => false; }
+        protected override bool SupportsSignOut { get => false; }
 
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.AddScheme<TestHandler>("auth1", "auth1");
-            })
-            .AddOAuth("default", o =>
+        protected override void RegisterAuth(AuthenticationBuilder services, Action<OAuthOptions> configure)
+        {
+            services.AddOAuth(DefaultScheme, o =>
             {
                 ConfigureDefaults(o);
-                o.SignInScheme = "auth1";
-                o.ForwardDefault = "auth1";
+                configure.Invoke(o);
             });
-
-            var forwardDefault = new TestHandler();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignInThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddOAuth("default", o =>
-            {
-                ConfigureDefaults(o);
-                o.SignInScheme = "auth1";
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignOutThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddOAuth("default", o =>
-            {
-                ConfigureDefaults(o);
-                o.SignInScheme = "auth1";
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-        }
-
-        [Fact]
-        public async Task ForwardForbidWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.DefaultSignInScheme = "auth1";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddOAuth("default", o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ForbidAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(1, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardAuthenticateWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.DefaultSignInScheme = "auth1";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddOAuth("default", o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardAuthenticate = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(1, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardChallengeWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.DefaultSignInScheme = "auth1";
-                o.AddScheme<TestHandler>("specific", "specific");
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-            })
-            .AddOAuth("default", o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardChallenge = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ChallengeAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(1, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardSelectorWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddOAuth("default", o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, selector.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, selector.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, selector.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task NullForwardSelectorUsesDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddOAuth("default", o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => null;
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task SpecificForwardWinsOverSelectorAndDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = "default";
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddOAuth("default", o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-                o.ForwardAuthenticate = "specific";
-                o.ForwardChallenge = "specific";
-                o.ForwardSignIn = "specific";
-                o.ForwardSignOut = "specific";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, specific.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, specific.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, specific.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-        }
-
-
-        [Fact]
-        public async Task VerifySignInSchemeCannotBeSetToSelf()
-        {
-            var server = CreateServer(
-                services => services.AddAuthentication().AddOAuth("weeblie", o =>
-                {
-                    o.SignInScheme = "weeblie";
-                    o.ClientId = "whatever";
-                    o.ClientSecret = "whatever";
-                    o.CallbackPath = "/whatever";
-                    o.AuthorizationEndpoint = "/whatever";
-                    o.TokenEndpoint = "/whatever";
-                }));
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/"));
-            Assert.Contains("cannot be set to itself", error.Message);
-        }
-
-        [Fact]
-        public async Task VerifySchemeDefaults()
-        {
-            var services = new ServiceCollection();
-            services.AddAuthentication().AddOAuth("oauth", o => { });
-            var sp = services.BuildServiceProvider();
-            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-            var scheme = await schemeProvider.GetSchemeAsync("oauth");
-            Assert.NotNull(scheme);
-            Assert.Equal("OAuthHandler`1", scheme.HandlerType.Name);
-            Assert.Equal(OAuthDefaults.DisplayName, scheme.DisplayName);
         }
 
         [Fact]
@@ -654,7 +241,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
         }
 
-        private void ConfigureDefaults(OAuthOptions o)
+        protected override void ConfigureDefaults(OAuthOptions o)
         {
             o.ClientId = "Test Id";
             o.ClientSecret = "secret";
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs
new file mode 100644
index 0000000000..d477e75347
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs
@@ -0,0 +1,92 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public abstract class RemoteAuthenticationTests<TOptions> : SharedAuthenticationTests<TOptions> where TOptions : RemoteAuthenticationOptions
+    {
+        protected override string DisplayName => DefaultScheme;
+
+        private TestServer CreateServer(Action<TOptions> configureOptions, Func<HttpContext, Task> testpath = null, bool isDefault = true)
+            => CreateServerWithServices(s =>
+            {
+                var builder = s.AddAuthentication();
+                if (isDefault)
+                {
+                    s.Configure<AuthenticationOptions>(o => o.DefaultScheme = DefaultScheme);
+                }
+                RegisterAuth(builder, configureOptions);
+                s.AddSingleton<ISystemClock>(Clock);
+            }, testpath);
+
+
+        protected virtual TestServer CreateServerWithServices(Action<IServiceCollection> configureServices, Func<HttpContext, Task> testpath = null)
+        {
+            //private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, Task<bool>> handler)
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.Use(async (context, next) =>
+                    {
+                        if (testpath != null)
+                        {
+                            await testpath(context);
+                        }
+                        await next();
+                    });
+                })
+                .ConfigureServices(configureServices);
+            return new TestServer(builder);
+        }
+
+        protected abstract void ConfigureDefaults(TOptions o);
+
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelf()
+        {
+            var server = CreateServer(
+                o => 
+                {
+                    ConfigureDefaults(o);
+                    o.SignInScheme = DefaultScheme;
+                },
+                context => context.ChallengeAsync(DefaultScheme));
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelfUsingDefaultScheme()
+        {
+            var server = CreateServer(
+                o => o.SignInScheme = null,
+                context => context.ChallengeAsync(DefaultScheme),
+                isDefault: true);
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelfUsingDefaultSignInScheme()
+        {
+            var server = CreateServerWithServices(
+                services =>
+                {
+                    var builder = services.AddAuthentication(o => o.DefaultSignInScheme = DefaultScheme);
+                    RegisterAuth(builder, o => o.SignInScheme = null);
+                },
+                context => context.ChallengeAsync(DefaultScheme));
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs
new file mode 100644
index 0000000000..4590c4915d
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs
@@ -0,0 +1,510 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Authentication.Tests;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public abstract class SharedAuthenticationTests<TOptions> where TOptions : AuthenticationSchemeOptions
+    {
+        protected TestClock Clock { get; } = new TestClock();
+
+        protected abstract string DefaultScheme { get; }
+        protected virtual string DisplayName { get; }
+        protected abstract Type HandlerType { get; }
+
+        protected virtual bool SupportsSignIn { get => true; }
+        protected virtual bool SupportsSignOut { get => true; }
+
+        protected abstract void RegisterAuth(AuthenticationBuilder services, Action<TOptions> configure);
+
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            var builder = services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = DefaultScheme;
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            });
+            RegisterAuth(builder, o => o.ForwardDefault = "auth1");
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            if (SupportsSignOut)
+            {
+                await context.SignOutAsync();
+                Assert.Equal(1, forwardDefault.SignOutCount);
+            }
+            else
+            {
+                await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            }
+
+            if (SupportsSignIn)
+            {
+                await context.SignInAsync(new ClaimsPrincipal());
+                Assert.Equal(1, forwardDefault.SignInCount);
+            }
+            else
+            {
+                await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+            }
+        }
+
+        [Fact]
+        public async Task ForwardSignInWinsOverDefault()
+        {
+            if (SupportsSignIn)
+            {
+                var services = new ServiceCollection().AddLogging();
+
+                var builder = services.AddAuthentication(o =>
+                {
+                    o.DefaultScheme = DefaultScheme;
+                    o.AddScheme<TestHandler2>("auth1", "auth1");
+                    o.AddScheme<TestHandler>("specific", "specific");
+                });
+                RegisterAuth(builder, o =>
+                {
+                    o.ForwardDefault = "auth1";
+                    o.ForwardSignIn = "specific";
+                });
+
+                var specific = new TestHandler();
+                services.AddSingleton(specific);
+                var forwardDefault = new TestHandler2();
+                services.AddSingleton(forwardDefault);
+
+                var sp = services.BuildServiceProvider();
+                var context = new DefaultHttpContext();
+                context.RequestServices = sp;
+
+                await context.SignInAsync(new ClaimsPrincipal());
+                Assert.Equal(1, specific.SignInCount);
+                Assert.Equal(0, specific.AuthenticateCount);
+                Assert.Equal(0, specific.ForbidCount);
+                Assert.Equal(0, specific.ChallengeCount);
+                Assert.Equal(0, specific.SignOutCount);
+
+                Assert.Equal(0, forwardDefault.AuthenticateCount);
+                Assert.Equal(0, forwardDefault.ForbidCount);
+                Assert.Equal(0, forwardDefault.ChallengeCount);
+                Assert.Equal(0, forwardDefault.SignInCount);
+                Assert.Equal(0, forwardDefault.SignOutCount);
+            }
+        }
+
+        [Fact]
+        public async Task ForwardSignOutWinsOverDefault()
+        {
+            if (SupportsSignOut)
+            {
+                var services = new ServiceCollection().AddLogging();
+                var builder = services.AddAuthentication(o =>
+                {
+                    o.DefaultScheme = DefaultScheme;
+                    o.AddScheme<TestHandler2>("auth1", "auth1");
+                    o.AddScheme<TestHandler>("specific", "specific");
+                });
+                RegisterAuth(builder, o =>
+                {
+                    o.ForwardDefault = "auth1";
+                    o.ForwardSignOut = "specific";
+                });
+
+                var specific = new TestHandler();
+                services.AddSingleton(specific);
+                var forwardDefault = new TestHandler2();
+                services.AddSingleton(forwardDefault);
+
+                var sp = services.BuildServiceProvider();
+                var context = new DefaultHttpContext();
+                context.RequestServices = sp;
+
+                await context.SignOutAsync();
+                Assert.Equal(1, specific.SignOutCount);
+                Assert.Equal(0, specific.AuthenticateCount);
+                Assert.Equal(0, specific.ForbidCount);
+                Assert.Equal(0, specific.ChallengeCount);
+                Assert.Equal(0, specific.SignInCount);
+
+                Assert.Equal(0, forwardDefault.AuthenticateCount);
+                Assert.Equal(0, forwardDefault.ForbidCount);
+                Assert.Equal(0, forwardDefault.ChallengeCount);
+                Assert.Equal(0, forwardDefault.SignInCount);
+                Assert.Equal(0, forwardDefault.SignOutCount);
+            }
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            var builder = services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = DefaultScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            });
+            RegisterAuth(builder, o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            var builder = services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = DefaultScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            });
+            RegisterAuth(builder, o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            var builder = services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = DefaultScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            });
+            RegisterAuth(builder, o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            var builder = services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = DefaultScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            });
+            RegisterAuth(builder, o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            if (SupportsSignOut)
+            {
+                await context.SignOutAsync();
+                Assert.Equal(1, selector.SignOutCount);
+            }
+            else
+            {
+                await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            }
+
+            if (SupportsSignIn)
+            {
+                await context.SignInAsync(new ClaimsPrincipal());
+                Assert.Equal(1, selector.SignInCount);
+            }
+            else
+            {
+                await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+            }
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            var builder = services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = DefaultScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            });
+            RegisterAuth(builder, o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            if (SupportsSignOut)
+            {
+                await context.SignOutAsync();
+                Assert.Equal(1, forwardDefault.SignOutCount);
+            }
+            else
+            {
+                await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            }
+
+            if (SupportsSignIn)
+            {
+                await context.SignInAsync(new ClaimsPrincipal());
+                Assert.Equal(1, forwardDefault.SignInCount);
+            }
+            else
+            {
+                await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+            }
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            var builder = services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = DefaultScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            });
+            RegisterAuth(builder, o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            if (SupportsSignOut)
+            {
+                await context.SignOutAsync();
+                Assert.Equal(1, specific.SignOutCount);
+            }
+            else
+            {
+                await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            }
+
+            if (SupportsSignIn)
+            {
+                await context.SignInAsync(new ClaimsPrincipal());
+                Assert.Equal(1, specific.SignInCount);
+            }
+            else
+            {
+                await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+            }
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection();
+            var builder = services.AddAuthentication();
+            RegisterAuth(builder, o => { });
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync(DefaultScheme);
+            Assert.NotNull(scheme);
+            Assert.Equal(HandlerType, scheme.HandlerType);
+            Assert.Equal(DisplayName, scheme.DisplayName);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index c1937d136c..c438b1f3f7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -1,5 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
 using System;
 using System.Linq;
 using System.Net;
@@ -7,440 +13,33 @@ using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication.Tests;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Net.Http.Headers;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
-    public class TwitterTests
+    public class TwitterTests : RemoteAuthenticationTests<TwitterOptions>
     {
-        private void ConfigureDefaults(TwitterOptions o)
+        protected override string DefaultScheme => TwitterDefaults.AuthenticationScheme;
+        protected override Type HandlerType => typeof(TwitterHandler);
+        protected override bool SupportsSignIn { get => false; }
+        protected override bool SupportsSignOut { get => false; }
+
+        protected override void RegisterAuth(AuthenticationBuilder services, Action<TwitterOptions> configure)
+        {
+            services.AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                configure.Invoke(o);
+            });
+        }
+
+        protected override void ConfigureDefaults(TwitterOptions o)
         {
             o.ConsumerKey = "whatever";
             o.ConsumerSecret = "whatever";
             o.SignInScheme = "auth1";
         }
 
-        [Fact]
-        public async Task CanForwardDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("auth1", "auth1");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-            });
-
-            var forwardDefault = new TestHandler();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignInThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-        }
-
-        [Fact]
-        public async Task ForwardSignOutThrows()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardSignOut = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-        }
-
-        [Fact]
-        public async Task ForwardForbidWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ForbidAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(1, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardAuthenticateWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardAuthenticate = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(1, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardChallengeWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler>("specific", "specific");
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardChallenge = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.ChallengeAsync();
-            Assert.Equal(0, specific.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(1, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-        }
-
-        [Fact]
-        public async Task ForwardSelectorWinsOverDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, selector.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, selector.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, selector.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task NullForwardSelectorUsesDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => null;
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, forwardDefault.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, forwardDefault.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, forwardDefault.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-            Assert.Equal(0, specific.AuthenticateCount);
-            Assert.Equal(0, specific.ForbidCount);
-            Assert.Equal(0, specific.ChallengeCount);
-            Assert.Equal(0, specific.SignInCount);
-            Assert.Equal(0, specific.SignOutCount);
-        }
-
-        [Fact]
-        public async Task SpecificForwardWinsOverSelectorAndDefault()
-        {
-            var services = new ServiceCollection().AddLogging();
-            services.AddAuthentication(o =>
-            {
-                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
-                o.AddScheme<TestHandler2>("auth1", "auth1");
-                o.AddScheme<TestHandler3>("selector", "selector");
-                o.AddScheme<TestHandler>("specific", "specific");
-            })
-            .AddTwitter(o =>
-            {
-                ConfigureDefaults(o);
-                o.ForwardDefault = "auth1";
-                o.ForwardDefaultSelector = _ => "selector";
-                o.ForwardAuthenticate = "specific";
-                o.ForwardChallenge = "specific";
-                o.ForwardSignIn = "specific";
-                o.ForwardSignOut = "specific";
-                o.ForwardForbid = "specific";
-            });
-
-            var specific = new TestHandler();
-            services.AddSingleton(specific);
-            var forwardDefault = new TestHandler2();
-            services.AddSingleton(forwardDefault);
-            var selector = new TestHandler3();
-            services.AddSingleton(selector);
-
-            var sp = services.BuildServiceProvider();
-            var context = new DefaultHttpContext();
-            context.RequestServices = sp;
-
-            await context.AuthenticateAsync();
-            Assert.Equal(1, specific.AuthenticateCount);
-
-            await context.ForbidAsync();
-            Assert.Equal(1, specific.ForbidCount);
-
-            await context.ChallengeAsync();
-            Assert.Equal(1, specific.ChallengeCount);
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
-            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
-
-            Assert.Equal(0, forwardDefault.AuthenticateCount);
-            Assert.Equal(0, forwardDefault.ForbidCount);
-            Assert.Equal(0, forwardDefault.ChallengeCount);
-            Assert.Equal(0, forwardDefault.SignInCount);
-            Assert.Equal(0, forwardDefault.SignOutCount);
-            Assert.Equal(0, selector.AuthenticateCount);
-            Assert.Equal(0, selector.ForbidCount);
-            Assert.Equal(0, selector.ChallengeCount);
-            Assert.Equal(0, selector.SignInCount);
-            Assert.Equal(0, selector.SignOutCount);
-        }
-
-        [Fact]
-        public async Task VerifySignInSchemeCannotBeSetToSelf()
-        {
-            var server = CreateServer(o =>
-            {
-                o.ConsumerKey = "Test Consumer Key";
-                o.ConsumerSecret = "Test Consumer Secret";
-                o.SignInScheme = TwitterDefaults.AuthenticationScheme;
-            });
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
-            Assert.Contains("cannot be set to itself", error.Message);
-        }
-
-        [Fact]
-        public async Task VerifySchemeDefaults()
-        {
-            var services = new ServiceCollection();
-            services.AddAuthentication().AddTwitter();
-            var sp = services.BuildServiceProvider();
-            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
-            var scheme = await schemeProvider.GetSchemeAsync(TwitterDefaults.AuthenticationScheme);
-            Assert.NotNull(scheme);
-            Assert.Equal("TwitterHandler", scheme.HandlerType.Name);
-            Assert.Equal(TwitterDefaults.AuthenticationScheme, scheme.DisplayName);
-        }
-
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {

From 2ddfd9ec4614df5f541525d063044f7ff8b07185 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 29 Jul 2018 20:09:53 +0000
Subject: [PATCH 09/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 59 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index efaeec400e..ed2f39082c 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10011</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10123</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10123</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10015</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
@@ -43,9 +43,10 @@
     <NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
     <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
-    <XunitAnalyzersPackageVersion>0.9.0</XunitAnalyzersPackageVersion>
+    <XunitAnalyzersPackageVersion>0.10.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
-    <XunitRunnerVisualStudioPackageVersion>2.4.0-rc.1.build4038</XunitRunnerVisualStudioPackageVersion>
+    <XunitRunnerVisualStudioPackageVersion>2.4.0</XunitRunnerVisualStudioPackageVersion>
   </PropertyGroup>
+  <PropertyGroup Label="Package Versions: Pinned" />
   <Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
 </Project>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 9a67ee9c28..1e75dc3a23 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-10011
-commithash:717c2eb1f91dafd2580c1a9b8e5064d12dd8c054
+version:3.0.0-alpha1-10015
+commithash:3f36e5c2f061712f76f2766c435d2555681d5c55

From 1e14a22e0dfe3ebc9c1ddadb69585cee8df471f6 Mon Sep 17 00:00:00 2001
From: Wouter <woeterman94@users.noreply.github.com>
Date: Tue, 31 Jul 2018 13:40:49 +0200
Subject: [PATCH 10/30] Change description of role in RequireRole method

The description of the pram roles feels ambiguous. Make it clear that the user should belong to one of the roles and not all of them.
As documented: https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-2.1
---
 .../AuthorizationPolicyBuilder.cs                           | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
index 37335df8f2..c2fd22afb8 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
@@ -147,7 +147,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// Adds a <see cref="RolesAuthorizationRequirement"/>
         /// to the current instance.
         /// </summary>
-        /// <param name="roles">The roles required.</param>
+        /// <param name="roles">The allowed roles.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireRole(params string[] roles)
         {
@@ -163,7 +163,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// Adds a <see cref="RolesAuthorizationRequirement"/>
         /// to the current instance.
         /// </summary>
-        /// <param name="roles">The roles required.</param>
+        /// <param name="roles">The allowed roles.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireRole(IEnumerable<string> roles)
         {
@@ -247,4 +247,4 @@ namespace Microsoft.AspNetCore.Authorization
             return new AuthorizationPolicy(Requirements, AuthenticationSchemes.Distinct());
         }
     }
-}
\ No newline at end of file
+}

From 9f44ef5b5628f3cb5f02d9c7ccc1df6d74fee90b Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 5 Aug 2018 20:04:32 +0000
Subject: [PATCH 11/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index ed2f39082c..5f1d18e298 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-10015</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10173</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10173</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180731.2</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 1e75dc3a23..8f9f6066ef 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-10015
-commithash:3f36e5c2f061712f76f2766c435d2555681d5c55
+version:3.0.0-alpha1-20180731.2
+commithash:1179f1083695ac9213c8a70a4d1d6c45a52caf41

From f084067d6a255fde3d12c07988157311ba52c51a Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 12 Aug 2018 20:14:03 +0000
Subject: [PATCH 12/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 5f1d18e298..6c563e9b79 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180731.2</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10221</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10221</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180810.1</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 8f9f6066ef..e417a01b52 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-20180731.2
-commithash:1179f1083695ac9213c8a70a4d1d6c45a52caf41
+version:3.0.0-alpha1-20180810.1
+commithash:45c32b4f020e14a9295be31866051a18d293309d

From 79f8442ce2e37aa506433fe6cfa4df9e31b601a5 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 19 Aug 2018 19:28:38 +0000
Subject: [PATCH 13/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 6c563e9b79..6cf929cc2d 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180810.1</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10275</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10275</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180817.3</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index e417a01b52..e5330b3d33 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-20180810.1
-commithash:45c32b4f020e14a9295be31866051a18d293309d
+version:3.0.0-alpha1-20180817.3
+commithash:134cdbee9bee29dd3ccb654c67663b27b9ffa6c8

From 7a7dcec569619e40c1f2e2996333aeb10c1f5ad5 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 26 Aug 2018 19:28:22 +0000
Subject: [PATCH 14/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 6cf929cc2d..f89ecc2057 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180817.3</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10321</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10321</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180821.3</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index e5330b3d33..767a471795 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-20180817.3
-commithash:134cdbee9bee29dd3ccb654c67663b27b9ffa6c8
+version:3.0.0-alpha1-20180821.3
+commithash:0939a90812deb1c604eb9a4768869687495fc1dd

From e2a07fbddcc5b1d9fb45ed94159f88fda87cbe0c Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 2 Sep 2018 19:27:32 +0000
Subject: [PATCH 15/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 52 ++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index f89ecc2057..be569db69b 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,32 +4,32 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180821.3</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10352</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10352</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>

From f8959fd6a842cb325a09cc99efee82d05ae6a202 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Thu, 6 Sep 2018 00:00:16 +0000
Subject: [PATCH 16/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index be569db69b..a6108f771a 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,38 +4,38 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180821.3</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10393</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10393</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.9</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.2</MicrosoftNETCoreApp21PackageVersion>
-    <MicrosoftNETCoreApp22PackageVersion>2.2.0-preview1-26618-02</MicrosoftNETCoreApp22PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.3</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp22PackageVersion>2.2.0-preview2-26905-02</MicrosoftNETCoreApp22PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>

From 5cd5de3bb8558c61f02b29c3979e5f71af98cc70 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 9 Sep 2018 19:29:49 +0000
Subject: [PATCH 17/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index a6108f771a..4245f2fd44 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180821.3</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10400</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10400</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180907.9</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 767a471795..b614cab6e8 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-20180821.3
-commithash:0939a90812deb1c604eb9a4768869687495fc1dd
+version:3.0.0-alpha1-20180907.9
+commithash:f997365a8832ff0a3cbd9a98df45734ac2723fa0

From 7b6c9cf0eeb149f2142dedd55a17430e7831ea99 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 16 Sep 2018 19:29:05 +0000
Subject: [PATCH 18/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 4245f2fd44..a9ec2c3415 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180907.9</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10419</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10419</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180911.2</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index b614cab6e8..a817c10d28 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-20180907.9
-commithash:f997365a8832ff0a3cbd9a98df45734ac2723fa0
+version:3.0.0-alpha1-20180911.2
+commithash:2a2b7dbea1b247930c41da497f4ea0b2bb756818

From 9c7f0b0b0d664c3c9e0cb045a4749c07a7be2d2e Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 23 Sep 2018 12:27:28 -0700
Subject: [PATCH 19/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index a9ec2c3415..2fab2c7bfa 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180911.2</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10454</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10454</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180919.1</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index a817c10d28..d66a13bdc7 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-20180911.2
-commithash:2a2b7dbea1b247930c41da497f4ea0b2bb756818
+version:3.0.0-alpha1-20180919.1
+commithash:3066ae0a230870ea07e3f132605b5e5493f8bbd4

From 59bbd966902fa195c8bbd0a168475bb361bc9aa7 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <Eilon@users.noreply.github.com>
Date: Thu, 27 Sep 2018 15:22:42 -0700
Subject: [PATCH 20/30] Update LICENSE.txt

---
 LICENSE.txt | 207 +++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 197 insertions(+), 10 deletions(-)

diff --git a/LICENSE.txt b/LICENSE.txt
index 7b2956ecee..b3b180cd51 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,14 +1,201 @@
-Copyright (c) .NET Foundation and Contributors
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
 
-All rights reserved.
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
-Licensed under the Apache License, Version 2.0 (the "License"); you may not use
-this file except in compliance with the License. You may obtain a copy of the
-License at
+   1. Definitions.
 
-    http://www.apache.org/licenses/LICENSE-2.0
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
 
-Unless required by applicable law or agreed to in writing, software distributed
-under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-CONDITIONS OF ANY KIND, either express or implied. See the License for the
-specific language governing permissions and limitations under the License.
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright (c) .NET Foundation and Contributors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

From 564d53641ddba29f502d350cd4a95484b313acd9 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 30 Sep 2018 12:27:37 -0700
Subject: [PATCH 21/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 52 ++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index bcac6f0ec1..b83428bb61 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,32 +4,32 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180919.1</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10495</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10495</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>

From ecfb19993a3ed965de2a7738b597949924ca88d1 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 7 Oct 2018 12:29:16 -0700
Subject: [PATCH 22/30] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index b83428bb61..6b6523c76f 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20180919.1</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10549</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10549</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20181004.7</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index d66a13bdc7..591cfd52ff 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-20180919.1
-commithash:3066ae0a230870ea07e3f132605b5e5493f8bbd4
+version:3.0.0-alpha1-20181004.7
+commithash:27fabdaf2b1d4753c3d2749581694ca65d78f7f2

From 32177cad1eb1eb6be8ad89a7dba1a1637c0d0786 Mon Sep 17 00:00:00 2001
From: Jason <Jason.myers8@gmail.com>
Date: Mon, 22 Oct 2018 23:50:52 -0500
Subject: [PATCH 23/30] Added missing Div tag in JwtBearer sample. (#1888)

---
 samples/JwtBearerSample/wwwroot/index.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/samples/JwtBearerSample/wwwroot/index.html b/samples/JwtBearerSample/wwwroot/index.html
index f71dccb693..4715ebd42a 100644
--- a/samples/JwtBearerSample/wwwroot/index.html
+++ b/samples/JwtBearerSample/wwwroot/index.html
@@ -64,5 +64,6 @@
         <script src="App/Scripts/userDataCtrl.js"></script>
         <script src="App/Scripts/todoListCtrl.js"></script>
         <script src="App/Scripts/todoListSvc.js"></script>
+    </div>
 </body>
 </html>

From cb83e4f48502057176b62d53e98de1d43db44a33 Mon Sep 17 00:00:00 2001
From: James Newton-King <james@newtonking.com>
Date: Thu, 8 Nov 2018 15:42:35 +1300
Subject: [PATCH 24/30] Authorization middleware (#1894)

---
 .gitignore                                    |   1 +
 Security.sln                                  |  21 +
 .../AuthorizationMiddlewareBenchmark.cs       |  53 ++
 .../AuthorizationPolicyBenchmark.cs           |  28 ++
 ...oft.AspNetCore.Security.Performance.csproj |  24 +
 .../Properties/AssemblyInfo.cs                |   1 +
 .../readme.md                                 |  16 +
 build/dependencies.props                      |  67 +--
 .../AuthorizationAppBuilderExtensions.cs      |  29 ++
 ...tionEndpointConventionBuilderExtensions.cs |  50 ++
 .../AuthorizationMiddleware.cs                | 104 ++++
 ...oft.AspNetCore.Authorization.Policy.csproj |   4 +-
 .../AuthorizationOptions.cs                   |  16 +-
 .../AuthorizationPolicy.cs                    |  88 ++--
 .../DefaultAuthorizationPolicyProvider.cs     |  23 +-
 .../IAuthorizationPolicyProvider.cs           |   6 +
 .../AuthorizationAppBuilderExtensionsTests.cs |  65 +++
 ...ndpointConventionBuilderExtensionsTests.cs |  63 +++
 .../AuthorizationMiddlewareTests.cs           | 459 ++++++++++++++++++
 .../DefaultAuthorizationServiceTests.cs       |  10 +
 ...osoft.AspNetCore.Authorization.Test.csproj |   3 +
 .../TestObjects/TestAuthenticationService.cs  |  58 +++
 22 files changed, 1124 insertions(+), 65 deletions(-)
 create mode 100644 benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs
 create mode 100644 benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs
 create mode 100644 benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
 create mode 100644 benchmarks/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs
 create mode 100644 benchmarks/Microsoft.AspNetCore.Security.Performance/readme.md
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs
 create mode 100644 test/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs
 create mode 100644 test/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs
 create mode 100644 test/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs
 create mode 100644 test/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs

diff --git a/.gitignore b/.gitignore
index d5717b3f3f..3d7e16e84a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@ project.lock.json
 /.vs/
 .vscode/
 global.json
+BenchmarkDotNet.Artifacts/
diff --git a/Security.sln b/Security.sln
index 3df759651b..240100e8c4 100644
--- a/Security.sln
+++ b/Security.sln
@@ -79,6 +79,10 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authen
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WsFedSample", "samples\WsFedSample\WsFedSample.csproj", "{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "benchmarks", "benchmarks", "{55052FE3-F8C2-4E6C-97B0-C02ED1DBEA62}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Security.Performance", "benchmarks\Microsoft.AspNetCore.Security.Performance\Microsoft.AspNetCore.Security.Performance.csproj", "{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -517,6 +521,22 @@ Global
 		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|x64.Build.0 = Release|Any CPU
 		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|x86.ActiveCfg = Release|Any CPU
 		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|x86.Build.0 = Release|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Debug|x64.Build.0 = Debug|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Debug|x86.Build.0 = Debug|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Release|x64.ActiveCfg = Release|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Release|x64.Build.0 = Release|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Release|x86.ActiveCfg = Release|Any CPU
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -549,6 +569,7 @@ Global
 		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{556C4FAA-F4B1-4EA9-8921-CB1DF7D94C2A} = {55052FE3-F8C2-4E6C-97B0-C02ED1DBEA62}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {ABF8089E-43D0-4010-84A7-7A9DCFE49357}
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs b/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs
new file mode 100644
index 0000000000..90cb135de5
--- /dev/null
+++ b/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs
@@ -0,0 +1,53 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using BenchmarkDotNet.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Security
+{
+    public class AuthorizationMiddlewareBenchmark
+    {
+        private AuthorizationMiddleware _authorizationMiddleware;
+        private DefaultHttpContext _httpContextNoEndpoint;
+        private DefaultHttpContext _httpContextHasEndpoint;
+
+        [GlobalSetup]
+        public void Setup()
+        {
+            var policyProvider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
+            _authorizationMiddleware = new AuthorizationMiddleware((context) => Task.CompletedTask, policyProvider);
+
+            _httpContextNoEndpoint = new DefaultHttpContext();
+
+            var feature = new EndpointFeature
+            {
+                Endpoint = new Endpoint((context) => Task.CompletedTask, EndpointMetadataCollection.Empty, "Test endpoint")
+            };
+            _httpContextHasEndpoint = new DefaultHttpContext();
+            _httpContextHasEndpoint.Features.Set<IEndpointFeature>(feature);
+        }
+
+        [Benchmark]
+        public Task Invoke_NoEndpoint_NoAuthorization()
+        {
+            return _authorizationMiddleware.Invoke(_httpContextNoEndpoint);
+        }
+
+        [Benchmark]
+        public Task Invoke_HasEndpoint_NoAuthorization()
+        {
+            return _authorizationMiddleware.Invoke(_httpContextHasEndpoint);
+        }
+
+        private class EndpointFeature : IEndpointFeature
+        {
+            public Endpoint Endpoint { get; set; }
+        }
+    }
+}
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs b/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs
new file mode 100644
index 0000000000..86afdcd5ae
--- /dev/null
+++ b/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs
@@ -0,0 +1,28 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using BenchmarkDotNet.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Security
+{
+    public class AuthorizationPolicyBenchmark
+    {
+        private DefaultAuthorizationPolicyProvider _policyProvider;
+
+        [GlobalSetup]
+        public void Setup()
+        {
+            _policyProvider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
+        }
+
+        [Benchmark]
+        public Task CombineAsync()
+        {
+            return AuthorizationPolicy.CombineAsync(_policyProvider, Array.Empty<IAuthorizeData>());
+        }
+    }
+}
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj b/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
new file mode 100644
index 0000000000..7226b64be5
--- /dev/null
+++ b/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
@@ -0,0 +1,24 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netcoreapp2.2</TargetFramework>
+    <OutputType>Exe</OutputType>
+    <ServerGarbageCollection>true</ServerGarbageCollection>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <IsPackable>false</IsPackable>
+    <RootNamespace>Microsoft.AspNetCore.Security</RootNamespace>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization.Policy\Microsoft.AspNetCore.Authorization.Policy.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="BenchmarkDotNet" Version="$(BenchmarkDotNetPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.BenchmarkRunner.Sources" PrivateAssets="All" Version="$(MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(MicrosoftAspNetCoreHttpPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(MicrosoftExtensionsDependencyInjectionPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="$(MicrosoftExtensionsLoggingPackageVersion)" />
+  </ItemGroup>
+
+</Project>
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs b/benchmarks/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..cfb0b19c2e
--- /dev/null
+++ b/benchmarks/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs
@@ -0,0 +1 @@
+[assembly: BenchmarkDotNet.Attributes.AspNetCoreBenchmark]
\ No newline at end of file
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/readme.md b/benchmarks/Microsoft.AspNetCore.Security.Performance/readme.md
new file mode 100644
index 0000000000..cbe60261b3
--- /dev/null
+++ b/benchmarks/Microsoft.AspNetCore.Security.Performance/readme.md
@@ -0,0 +1,16 @@
+Compile the solution in Release mode (so binaries are available in release)
+
+To run a specific benchmark add it as parameter.
+```
+dotnet run -c Release --framework <tfm> <benchmark_name>
+```
+
+To run all benchmarks use '*' as the name.
+```
+dotnet run -c Release --framework <tfm> *
+```
+
+If you run without any parameters, you'll be offered the list of all benchmarks and get to choose.
+```
+dotnet run -c Release --framework <tfm> 
+```
\ No newline at end of file
diff --git a/build/dependencies.props b/build/dependencies.props
index a870f2f49d..230a942c0c 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,46 +3,51 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
+    <BenchmarkDotNetPackageVersion>0.10.13</BenchmarkDotNetPackageVersion>
     <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20181004.7</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-alpha1-10584</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10584</MicrosoftExtensionsWebEncodersPackageVersion>
-    <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
-    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
-    <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>3.0.0-alpha1-10657</MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpAbstractionsPackageVersion>3.0.0-a-alpha1-endpoint-extensions-namespace-16778</MicrosoftAspNetCoreHttpAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreRoutingPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreRoutingPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-preview-181105-05</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-preview-181105-05</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-preview-181105-05</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-preview-181105-05</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.19.8</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
+    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.3.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
+    <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.3.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.9</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETCoreApp21PackageVersion>2.1.3</MicrosoftNETCoreApp21PackageVersion>
-    <MicrosoftNETCoreApp22PackageVersion>2.2.0-preview3-27001-02</MicrosoftNETCoreApp22PackageVersion>
+    <MicrosoftNETCoreApp22PackageVersion>2.2.0-rtm-27105-02</MicrosoftNETCoreApp22PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
+    <MoqPackageVersion>4.10.0</MoqPackageVersion>
     <NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
     <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
-    <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
+    <SystemIdentityModelTokensJwtPackageVersion>5.3.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.10.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
     <XunitRunnerVisualStudioPackageVersion>2.4.0</XunitRunnerVisualStudioPackageVersion>
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs
new file mode 100644
index 0000000000..66f0eb6f1e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs
@@ -0,0 +1,29 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Microsoft.AspNetCore.Builder
+{
+    /// <summary>
+    /// Extension methods to add authorization capabilities to an HTTP application pipeline.
+    /// </summary>
+    public static class AuthorizationAppBuilderExtensions
+    {
+        /// <summary>
+        /// Adds the <see cref="AuthorizationMiddleware"/> to the specified <see cref="IApplicationBuilder"/>, which enables authorization capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseAuthorization(this IApplicationBuilder app)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            return app.UseMiddleware<AuthorizationMiddleware>();
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs
new file mode 100644
index 0000000000..81b05d70ad
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs
@@ -0,0 +1,50 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Routing;
+
+namespace Microsoft.AspNetCore.Builder
+{
+    public static class AuthorizationEndpointConventionBuilderExtensions
+    {
+        public static IEndpointConventionBuilder RequireAuthorization(this IEndpointConventionBuilder builder, params IAuthorizeData[] authorizeData)
+        {
+            if (builder == null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+
+            if (authorizeData == null)
+            {
+                throw new ArgumentNullException(nameof(authorizeData));
+            }
+
+            builder.Apply(endpointBuilder =>
+            {
+                foreach (var data in authorizeData)
+                {
+                    endpointBuilder.Metadata.Add(data);
+                }
+            });
+            return builder;
+        }
+
+        public static IEndpointConventionBuilder RequireAuthorization(this IEndpointConventionBuilder builder, params string[] policyNames)
+        {
+            if (builder == null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+
+            if (policyNames == null)
+            {
+                throw new ArgumentNullException(nameof(policyNames));
+            }
+
+            return builder.RequireAuthorization(policyNames.Select(n => new AuthorizeAttribute(n)).ToArray());
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs b/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs
new file mode 100644
index 0000000000..1da5b123fe
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs
@@ -0,0 +1,104 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization.Policy;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Endpoints;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    public class AuthorizationMiddleware
+    {
+        private readonly RequestDelegate _next;
+        private readonly IAuthorizationPolicyProvider _policyProvider;
+
+        public AuthorizationMiddleware(RequestDelegate next, IAuthorizationPolicyProvider policyProvider)
+        {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (policyProvider == null)
+            {
+                throw new ArgumentNullException(nameof(policyProvider));
+            }
+
+            _next = next;
+            _policyProvider = policyProvider;
+        }
+
+        public async Task Invoke(HttpContext context)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            var endpoint = context.GetEndpoint();
+            var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
+            var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
+            if (policy == null)
+            {
+                await _next(context);
+                return;
+            }
+
+            // Policy evaluator has transient lifetime so it fetched from request services instead of injecting in constructor
+            var policyEvaluator = context.RequestServices.GetRequiredService<IPolicyEvaluator>();
+
+            var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context);
+
+            // Allow Anonymous skips all authorization
+            if (endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
+            {
+                await _next(context);
+                return;
+            }
+
+            // Note that the resource will be null if there is no matched endpoint
+            var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: endpoint);
+
+            if (authorizeResult.Challenged)
+            {
+                if (policy.AuthenticationSchemes.Any())
+                {
+                    foreach (var scheme in policy.AuthenticationSchemes)
+                    {
+                        await context.ChallengeAsync(scheme);
+                    }
+                }
+                else
+                {
+                    await context.ChallengeAsync();
+                }
+
+                return;
+            }
+            else if (authorizeResult.Forbidden)
+            {
+                if (policy.AuthenticationSchemes.Any())
+                {
+                    foreach (var scheme in policy.AuthenticationSchemes)
+                    {
+                        await context.ForbidAsync(scheme);
+                    }
+                }
+                else
+                {
+                    await context.ForbidAsync();
+                }
+
+                return;
+            }
+
+            await _next(context);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
index 16e4aa2622..aba88dd50c 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
@@ -3,7 +3,7 @@
   <PropertyGroup>
     <Description>ASP.NET Core authorization policy helper classes.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
-    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <NoWarn>$(NoWarn);CS1591;NU1605</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authorization</PackageTags>
   </PropertyGroup>
@@ -14,6 +14,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="$(MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="$(MicrosoftAspNetCoreHttpAbstractionsPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Routing" Version="$(MicrosoftAspNetCoreRoutingPackageVersion)" />
     <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" PrivateAssets="All" Version="$(MicrosoftExtensionsSecurityHelperSourcesPackageVersion)" />
   </ItemGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
index 6899913afb..f0c5527d2d 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
@@ -20,13 +20,25 @@ namespace Microsoft.AspNetCore.Authorization
         public bool InvokeHandlersAfterFailure { get; set; } = true;
 
         /// <summary>
-        /// Gets or sets the default authorization policy.
+        /// Gets or sets the default authorization policy. Defaults to require authenticated users.
         /// </summary>
         /// <remarks>
-        /// The default policy is to require any authenticated user.
+        /// The default policy used when evaluating <see cref="IAuthorizeData"/> with no policy name specified.
         /// </remarks>
         public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
 
+        /// <summary>
+        /// Gets or sets the required authorization policy. Defaults to null.
+        /// </summary>
+        /// <remarks>
+        /// By default the required policy is null.
+        /// 
+        /// If a required policy has been specified then it is always evaluated, even if there are no
+        /// <see cref="IAuthorizeData"/> instances for a resource. If a resource has <see cref="IAuthorizeData"/>
+        /// then they are evaluated together with the required policy.
+        /// </remarks>
+        public AuthorizationPolicy RequiredPolicy { get; set; }
+
         /// <summary>
         /// Add an authorization policy with the provided name.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
index 36e0ca7c38..b3b54f3003 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
@@ -120,46 +120,74 @@ namespace Microsoft.AspNetCore.Authorization
                 throw new ArgumentNullException(nameof(authorizeData));
             }
 
-            var policyBuilder = new AuthorizationPolicyBuilder();
-            var any = false;
-            foreach (var authorizeDatum in authorizeData)
+            // Avoid allocating enumerator if the data is known to be empty
+            var skipEnumeratingData = false;
+            if (authorizeData is IList<IAuthorizeData> dataList)
             {
-                any = true;
-                var useDefaultPolicy = true;
-                if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy))
+                skipEnumeratingData = dataList.Count == 0;
+            }
+
+            AuthorizationPolicyBuilder policyBuilder = null;
+            if (!skipEnumeratingData)
+            {
+                foreach (var authorizeDatum in authorizeData)
                 {
-                    var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy);
-                    if (policy == null)
+                    if (policyBuilder == null)
                     {
-                        throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy));
+                        policyBuilder = new AuthorizationPolicyBuilder();
                     }
-                    policyBuilder.Combine(policy);
-                    useDefaultPolicy = false;
-                }
-                var rolesSplit = authorizeDatum.Roles?.Split(',');
-                if (rolesSplit != null && rolesSplit.Any())
-                {
-                    var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
-                    policyBuilder.RequireRole(trimmedRolesSplit);
-                    useDefaultPolicy = false;
-                }
-                var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(',');
-                if (authTypesSplit != null && authTypesSplit.Any())
-                {
-                    foreach (var authType in authTypesSplit)
+
+                    var useDefaultPolicy = true;
+                    if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy))
                     {
-                        if (!string.IsNullOrWhiteSpace(authType))
+                        var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy);
+                        if (policy == null)
                         {
-                            policyBuilder.AuthenticationSchemes.Add(authType.Trim());
+                            throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy));
+                        }
+                        policyBuilder.Combine(policy);
+                        useDefaultPolicy = false;
+                    }
+
+                    var rolesSplit = authorizeDatum.Roles?.Split(',');
+                    if (rolesSplit != null && rolesSplit.Any())
+                    {
+                        var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
+                        policyBuilder.RequireRole(trimmedRolesSplit);
+                        useDefaultPolicy = false;
+                    }
+
+                    var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(',');
+                    if (authTypesSplit != null && authTypesSplit.Any())
+                    {
+                        foreach (var authType in authTypesSplit)
+                        {
+                            if (!string.IsNullOrWhiteSpace(authType))
+                            {
+                                policyBuilder.AuthenticationSchemes.Add(authType.Trim());
+                            }
                         }
                     }
-                }
-                if (useDefaultPolicy)
-                {
-                    policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync());
+
+                    if (useDefaultPolicy)
+                    {
+                        policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync());
+                    }
                 }
             }
-            return any ? policyBuilder.Build() : null;
+
+            var requiredPolicy = await policyProvider.GetRequiredPolicyAsync();
+            if (requiredPolicy != null)
+            {
+                if (policyBuilder == null)
+                {
+                    policyBuilder = new AuthorizationPolicyBuilder();
+                }
+
+                policyBuilder.Combine(requiredPolicy);
+            }
+
+            return policyBuilder?.Build();
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
index 0e4329dcc0..f5e6652739 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
@@ -14,6 +14,8 @@ namespace Microsoft.AspNetCore.Authorization
     public class DefaultAuthorizationPolicyProvider : IAuthorizationPolicyProvider
     {
         private readonly AuthorizationOptions _options;
+        private Task<AuthorizationPolicy> _cachedDefaultPolicy;
+        private Task<AuthorizationPolicy> _cachedRequiredPolicy;
 
         /// <summary>
         /// Creates a new instance of <see cref="DefaultAuthorizationPolicyProvider"/>.
@@ -35,7 +37,26 @@ namespace Microsoft.AspNetCore.Authorization
         /// <returns>The default authorization policy.</returns>
         public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
         {
-            return Task.FromResult(_options.DefaultPolicy);
+            return GetCachedPolicy(ref _cachedDefaultPolicy, _options.DefaultPolicy);
+        }
+
+        /// <summary>
+        /// Gets the required authorization policy.
+        /// </summary>
+        /// <returns>The required authorization policy.</returns>
+        public Task<AuthorizationPolicy> GetRequiredPolicyAsync()
+        {
+            return GetCachedPolicy(ref _cachedRequiredPolicy, _options.RequiredPolicy);
+        }
+
+        private Task<AuthorizationPolicy> GetCachedPolicy(ref Task<AuthorizationPolicy> cachedPolicy, AuthorizationPolicy currentPolicy)
+        {
+            var local = cachedPolicy;
+            if (local == null || local.Result != currentPolicy)
+            {
+                cachedPolicy = local = Task.FromResult(currentPolicy);
+            }
+            return local;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
index 9e9d0f468a..4560d11e09 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
@@ -22,5 +22,11 @@ namespace Microsoft.AspNetCore.Authorization
         /// </summary>
         /// <returns>The default authorization policy.</returns>
         Task<AuthorizationPolicy> GetDefaultPolicyAsync();
+
+        /// <summary>
+        /// Gets the required authorization policy.
+        /// </summary>
+        /// <returns>The required authorization policy.</returns>
+        Task<AuthorizationPolicy> GetRequiredPolicyAsync();
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs
new file mode 100644
index 0000000000..c6fb596f18
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs
@@ -0,0 +1,65 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization.Test.TestObjects;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Builder.Internal;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Endpoints;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authorization.Test
+{
+    public class AuthorizationAppBuilderExtensionsTests
+    {
+        [Fact]
+        public async Task UseAuthorization_RegistersMiddleware()
+        {
+            // Arrange
+            var authenticationService = new TestAuthenticationService();
+            var services = CreateServices(authenticationService);
+
+            var app = new ApplicationBuilder(services);
+
+            app.UseAuthorization();
+
+            var appFunc = app.Build();
+
+            var endpoint = new Endpoint(
+                null,
+                new EndpointMetadataCollection(new AuthorizeAttribute()),
+                "Test endpoint");
+
+            var httpContext = new DefaultHttpContext();
+            httpContext.RequestServices = services;
+            httpContext.SetEndpoint(endpoint);
+
+            // Act
+            await appFunc(httpContext);
+
+            // Assert
+            Assert.True(authenticationService.ChallengeCalled);
+        }
+
+        private IServiceProvider CreateServices(IAuthenticationService authenticationService)
+        {
+            var services = new ServiceCollection();
+
+            services.AddAuthorization(options => { });
+            services.AddAuthorizationPolicyEvaluator();
+            services.AddLogging();
+            services.AddSingleton(authenticationService);
+
+            var serviceProvder = services.BuildServiceProvider();
+
+            return serviceProvder;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs
new file mode 100644
index 0000000000..a2ab8fa8b5
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs
@@ -0,0 +1,63 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Routing;
+using Microsoft.AspNetCore.Routing.Patterns;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authorization.Test
+{
+    public class AuthorizationEndpointConventionBuilderExtensionsTests
+    {
+        [Fact]
+        public void RequireAuthorization_IAuthorizeData()
+        {
+            // Arrange
+            var builder = new TestEndpointConventionBuilder();
+            var metadata = new AuthorizeAttribute();
+
+            // Act
+            builder.RequireAuthorization(metadata);
+
+            // Assert
+            var convention = Assert.Single(builder.Conventions);
+
+            var endpointModel = new RouteEndpointModel((context) => Task.CompletedTask, RoutePatternFactory.Parse("/"), 0);
+            convention(endpointModel);
+
+            Assert.Equal(metadata, Assert.Single(endpointModel.Metadata));
+        }
+
+        [Fact]
+        public void RequireAuthorization_PolicyName()
+        {
+            // Arrange
+            var builder = new TestEndpointConventionBuilder();
+
+            // Act
+            builder.RequireAuthorization("policy");
+
+            // Assert
+            var convention = Assert.Single(builder.Conventions);
+
+            var endpointModel = new RouteEndpointModel((context) => Task.CompletedTask, RoutePatternFactory.Parse("/"), 0);
+            convention(endpointModel);
+
+            Assert.Equal("policy", Assert.IsAssignableFrom<IAuthorizeData>(Assert.Single(endpointModel.Metadata)).Policy);
+        }
+
+        private class TestEndpointConventionBuilder : IEndpointConventionBuilder
+        {
+            public IList<Action<EndpointModel>> Conventions { get; } = new List<Action<EndpointModel>>();
+
+            public void Apply(Action<EndpointModel> convention)
+            {
+                Conventions.Add(convention);
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs
new file mode 100644
index 0000000000..655a4fbf8b
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs
@@ -0,0 +1,459 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Authorization.Infrastructure;
+using Microsoft.AspNetCore.Authorization.Test.TestObjects;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Endpoints;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using Moq;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authorization.Test
+{
+    public class AuthorizationMiddlewareTests
+    {
+        [Fact]
+        public async Task NoEndpoint_AnonymousUser_Allows()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(anonymous: true);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.True(next.Called);
+        }
+
+        [Fact]
+        public async Task NoEndpointWithRequired_AnonymousUser_Challenges()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(anonymous: true);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.False(next.Called);
+        }
+
+        [Fact]
+        public async Task HasEndpointWithoutAuth_AnonymousUser_Allows()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint());
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.True(next.Called);
+        }
+
+        [Fact]
+        public async Task HasEndpointWithRequiredWithoutAuth_AnonymousUser_Challenges()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint());
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.False(next.Called);
+        }
+
+        [Fact]
+        public async Task HasEndpointWithAuth_AnonymousUser_Challenges()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+            var authenticationService = new TestAuthenticationService();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.False(next.Called);
+            Assert.True(authenticationService.ChallengeCalled);
+        }
+
+        [Fact]
+        public async Task HasEndpointWithAuth_AnonymousUser_ChallengePerScheme()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().AddAuthenticationSchemes("schema1", "schema2").Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+            var authenticationService = new TestAuthenticationService();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.False(next.Called);
+            Assert.Equal(2, authenticationService.ChallengeCount);
+        }
+
+        [Fact]
+        public async Task OnAuthorizationAsync_WillCallPolicyProvider()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            var getPolicyCount = 0;
+            var getRequiredPolicyCount = 0;
+            policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(policy)
+                .Callback(() => getPolicyCount++);
+            policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy)
+                .Callback(() => getRequiredPolicyCount++);
+            var next = new TestRequestDelegate();
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever")));
+
+            // Act & Assert
+            await middleware.Invoke(context);
+            Assert.Equal(1, getPolicyCount);
+            Assert.Equal(1, getRequiredPolicyCount);
+            Assert.Equal(1, next.CalledCount);
+
+            await middleware.Invoke(context);
+            Assert.Equal(2, getPolicyCount);
+            Assert.Equal(2, getRequiredPolicyCount);
+            Assert.Equal(2, next.CalledCount);
+
+            await middleware.Invoke(context);
+            Assert.Equal(3, getPolicyCount);
+            Assert.Equal(3, getRequiredPolicyCount);
+            Assert.Equal(3, next.CalledCount);
+        }
+
+        [Fact]
+        public async Task Invoke_ValidClaimShouldNotFail()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()));
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.True(next.Called);
+        }
+
+        [Fact]
+        public async Task HasEndpointWithAuthAndAllowAnonymous_AnonymousUser_Allows()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+            var authenticationService = new TestAuthenticationService();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute(), new AllowAnonymousAttribute()), authenticationService: authenticationService);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.True(next.Called);
+            Assert.False(authenticationService.ChallengeCalled);
+        }
+
+        [Fact]
+        public async Task HasEndpointWithAuth_AuthenticatedUser_Allows()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+            var authenticationService = new TestAuthenticationService();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.True(next.Called);
+            Assert.False(authenticationService.ChallengeCalled);
+        }
+
+        [Fact]
+        public async Task Invoke_AuthSchemesFailShouldSetEmptyPrincipalOnContext()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder("Fails").RequireAuthenticatedUser().Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+            var authenticationService = new TestAuthenticationService();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.False(next.Called);
+            Assert.NotNull(context.User?.Identity);
+            Assert.True(authenticationService.AuthenticateCalled);
+            Assert.True(authenticationService.ChallengeCalled);
+        }
+
+        [Fact]
+        public async Task Invoke_SingleValidClaimShouldSucceed()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewComment", "CanViewPage").Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()));
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.True(next.Called);
+        }
+
+        [Fact]
+        public async Task AuthZResourceShouldBeEndpoint()
+        {
+            // Arrange
+            object resource = null;
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(c =>
+            {
+                resource = c.Resource;
+                return true;
+            }).Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var endpoint = CreateEndpoint(new AuthorizeAttribute());
+            var context = GetHttpContext(endpoint: endpoint);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.Equal(endpoint, resource);
+        }
+
+        [Fact]
+        public async Task Invoke_RequireUnknownRoleShouldForbid()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireRole("Wut").Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+            var authenticationService = new TestAuthenticationService();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.False(next.Called);
+            Assert.False(authenticationService.ChallengeCalled);
+            Assert.True(authenticationService.ForbidCalled);
+        }
+
+        [Fact]
+        public async Task Invoke_RequireUnknownRole_ForbidPerScheme()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequireRole("Wut").AddAuthenticationSchemes("Basic", "Bearer").Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+            var authenticationService = new TestAuthenticationService();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.False(next.Called);
+            Assert.Equal(2, authenticationService.ForbidCount);
+        }
+
+        [Fact]
+        public async Task Invoke_InvalidClaimShouldForbid()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder()
+                .RequireClaim("Permission", "CanViewComment")
+                .Build();
+            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
+            var next = new TestRequestDelegate();
+            var authenticationService = new TestAuthenticationService();
+
+            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+            var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
+
+            // Act
+            await middleware.Invoke(context);
+
+            // Assert
+            Assert.False(next.Called);
+            Assert.False(authenticationService.ChallengeCalled);
+            Assert.True(authenticationService.ForbidCalled);
+        }
+
+        private AuthorizationMiddleware CreateMiddleware(RequestDelegate requestDelegate = null, IAuthorizationPolicyProvider policyProvider = null)
+        {
+            requestDelegate = requestDelegate ?? ((context) => Task.CompletedTask);
+
+            return new AuthorizationMiddleware(requestDelegate, policyProvider);
+        }
+
+        private Endpoint CreateEndpoint(params object[] metadata)
+        {
+            return new Endpoint(context => Task.CompletedTask, new EndpointMetadataCollection(metadata), "Test endpoint");
+        }
+
+        private HttpContext GetHttpContext(
+            bool anonymous = false,
+            Action<IServiceCollection> registerServices = null,
+            Endpoint endpoint = null,
+            IAuthenticationService authenticationService = null)
+        {
+            var basicPrincipal = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("Permission", "CanViewPage"),
+                        new Claim(ClaimTypes.Role, "Administrator"),
+                        new Claim(ClaimTypes.Role, "User"),
+                        new Claim(ClaimTypes.NameIdentifier, "John")},
+                        "Basic"));
+
+            var validUser = basicPrincipal;
+
+            var bearerIdentity = new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("Permission", "CupBearer"),
+                        new Claim(ClaimTypes.Role, "Token"),
+                        new Claim(ClaimTypes.NameIdentifier, "John Bear")},
+                        "Bearer");
+
+            validUser.AddIdentity(bearerIdentity);
+
+            // ServiceProvider
+            var serviceCollection = new ServiceCollection();
+
+            authenticationService = authenticationService ?? Mock.Of<IAuthenticationService>();
+
+            serviceCollection.AddSingleton(authenticationService);
+            serviceCollection.AddOptions();
+            serviceCollection.AddLogging();
+            serviceCollection.AddAuthorization();
+            serviceCollection.AddAuthorizationPolicyEvaluator();
+            registerServices?.Invoke(serviceCollection);
+
+            var serviceProvider = serviceCollection.BuildServiceProvider();
+
+            //// HttpContext
+            var httpContext = new DefaultHttpContext();
+            if (endpoint != null)
+            {
+                httpContext.SetEndpoint(endpoint);
+            }
+            httpContext.RequestServices = serviceProvider;
+            if (!anonymous)
+            {
+                httpContext.User = validUser;
+            }
+
+            return httpContext;
+        }
+
+        private class TestRequestDelegate
+        {
+            private readonly int _statusCode;
+
+            public bool Called => CalledCount > 0;
+            public int CalledCount { get; private set; }
+
+            public TestRequestDelegate(int statusCode = 200)
+            {
+                _statusCode = statusCode;
+            }
+
+            public Task Invoke(HttpContext context)
+            {
+                CalledCount++;
+                context.Response.StatusCode = _statusCode;
+                return Task.CompletedTask;
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index ef17b94620..230e95c4c4 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -1025,6 +1025,11 @@ namespace Microsoft.AspNetCore.Authorization.Test
                 return Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
             }
 
+            public Task<AuthorizationPolicy> GetRequiredPolicyAsync()
+            {
+                return Task.FromResult<AuthorizationPolicy>(null);
+            }
+
             public Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
             {
                 return Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
@@ -1059,6 +1064,11 @@ namespace Microsoft.AspNetCore.Authorization.Test
                 return Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
             }
 
+            public Task<AuthorizationPolicy> GetRequiredPolicyAsync()
+            {
+                return Task.FromResult<AuthorizationPolicy>(null);
+            }
+
             public Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
             {
                 return Task.FromResult(new AuthorizationPolicyBuilder().RequireClaim(policyName).Build());
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index d4379c3aab..40a8fff128 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -2,6 +2,7 @@
 
   <PropertyGroup>
     <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
+    <NoWarn>$(NoWarn);NU1605</NoWarn>
   </PropertyGroup>
 
   <ItemGroup>
@@ -11,8 +12,10 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(MicrosoftAspNetCoreHttpPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="$(MicrosoftAspNetCoreHttpAbstractionsPackageVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(MicrosoftExtensionsDependencyInjectionPackageVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="$(MicrosoftExtensionsLoggingPackageVersion)" />
+    <PackageReference Include="Moq" Version="$(MoqPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs b/test/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs
new file mode 100644
index 0000000000..0c17693d16
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs
@@ -0,0 +1,58 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authorization.Test.TestObjects
+{
+    public class TestAuthenticationService : IAuthenticationService
+    {
+        public bool ChallengeCalled => ChallengeCount > 0;
+        public bool ForbidCalled => ForbidCount > 0;
+        public bool AuthenticateCalled => AuthenticateCount > 0;
+
+        public int ChallengeCount { get; private set; }
+        public int ForbidCount { get; private set; }
+        public int AuthenticateCount { get; private set; }
+
+        public Task<AuthenticateResult> AuthenticateAsync(HttpContext context, string scheme)
+        {
+            AuthenticateCount++;
+
+            var identity = context.User.Identities.SingleOrDefault(i => i.AuthenticationType == scheme);
+            if (identity != null)
+            {
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(identity), scheme)));
+            }
+
+            return Task.FromResult(AuthenticateResult.Fail("Denied"));
+        }
+
+        public Task ChallengeAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+        {
+            ChallengeCount++;
+            return Task.CompletedTask;
+        }
+
+        public Task ForbidAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+        {
+            ForbidCount++;
+            return Task.CompletedTask;
+        }
+
+        public Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
+        {
+            throw new NotImplementedException();
+        }
+
+        public Task SignOutAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+        {
+            throw new NotImplementedException();
+        }
+    }
+}
\ No newline at end of file

From 42dd66647dd389c242ff796a530b880c7b9d7a90 Mon Sep 17 00:00:00 2001
From: Ben McCallum <ben.mccallum@live.com.au>
Date: Tue, 13 Nov 2018 23:05:55 +0100
Subject: [PATCH 25/30] refactor: Rename param from requiredValues to
 allowedValues to better indicate usage. (#1908)

---
 .../AuthorizationPolicyBuilder.cs                    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
index 37335df8f2..ddca49d3ab 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
@@ -96,16 +96,16 @@ namespace Microsoft.AspNetCore.Authorization
         /// to the current instance.
         /// </summary>
         /// <param name="claimType">The claim type required.</param>
-        /// <param name="requiredValues">Values the claim must process one or more of for evaluation to succeed.</param>
+        /// <param name="allowedValues">Values the claim must process one or more of for evaluation to succeed.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public AuthorizationPolicyBuilder RequireClaim(string claimType, params string[] requiredValues)
+        public AuthorizationPolicyBuilder RequireClaim(string claimType, params string[] allowedValues)
         {
             if (claimType == null)
             {
                 throw new ArgumentNullException(nameof(claimType));
             }
 
-            return RequireClaim(claimType, (IEnumerable<string>)requiredValues);
+            return RequireClaim(claimType, (IEnumerable<string>)allowedValues);
         }
 
         /// <summary>
@@ -113,16 +113,16 @@ namespace Microsoft.AspNetCore.Authorization
         /// to the current instance.
         /// </summary>
         /// <param name="claimType">The claim type required.</param>
-        /// <param name="requiredValues">Values the claim must process one or more of for evaluation to succeed.</param>
+        /// <param name="allowedValues">Values the claim must process one or more of for evaluation to succeed.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public AuthorizationPolicyBuilder RequireClaim(string claimType, IEnumerable<string> requiredValues)
+        public AuthorizationPolicyBuilder RequireClaim(string claimType, IEnumerable<string> allowedValues)
         {
             if (claimType == null)
             {
                 throw new ArgumentNullException(nameof(claimType));
             }
 
-            Requirements.Add(new ClaimsAuthorizationRequirement(claimType, requiredValues));
+            Requirements.Add(new ClaimsAuthorizationRequirement(claimType, allowedValues));
             return this;
         }
 

From 7e14b052ea9cb935ec4f5cb0485b4edb5d41297a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Fri, 16 Nov 2018 00:12:42 +0100
Subject: [PATCH 26/30] Add AccessDeniedPath support to the OIDC/OAuth2/Twitter
 providers (#1887)

* Add AccessDeniedPath support to the OIDC/OAuth2/Twitter providers

* Update the code documentation and remove an unnecessary call to SignOutAsync()

* Introduce a new AccessDenied event and move most of the access denied handling logic to RemoteAuthenticationHandler

* Add ReturnUrlParameter support to RemoteAuthenticationHandler

* Remove AccessDeniedException and introduce RemoteAuthenticationHandler.HandleAccessDeniedErrorAsync()

* Use OriginalPath instead of Request.Path

* Update obsolete code comments

* Add unit tests for the new AccessDenied event

* Allow customizing the access denied path/return URL/return URL parameter from the AccessDenied event
---
 samples/OpenIdConnectSample/Startup.cs        |  11 ++
 .../CookieAuthenticationHandler.cs            |   4 +-
 .../OAuthHandler.cs                           |  12 +-
 .../OAuthOptions.cs                           |   6 +-
 .../OpenIdConnectHandler.cs                   |  14 ++-
 .../TwitterHandler.cs                         |  10 +-
 .../TwitterOptions.cs                         |   2 +-
 .../WsFederationHandler.cs                    |   2 +-
 .../Events/AccessDeniedContext.cs             |  44 ++++++++
 .../Events/RemoteAuthenticationEvents.cs      |   8 +-
 .../LoggingExtensions.cs                      |  52 +++++++--
 .../RemoteAuthenticationHandler.cs            |  44 ++++++++
 .../RemoteAuthenticationOptions.cs            |  16 +++
 .../GoogleTests.cs                            |  68 +++++++++++-
 .../OAuthTests.cs                             | 103 +++++++++++++++++-
 .../OpenIdConnect/OpenIdConnectEventTests.cs  |  60 +++++++++-
 .../TwitterTests.cs                           |  90 ++++++++++++++-
 17 files changed, 510 insertions(+), 36 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 1aa7625cb0..a2b5a9a5ca 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -63,6 +63,7 @@ namespace OpenIdConnectSample
                 o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                 o.SaveTokens = true;
                 o.GetClaimsFromUserInfoEndpoint = true;
+                o.AccessDeniedPath = "/access-denied-from-remote";
 
                 o.ClaimActions.MapAllExcept("aud", "iss", "iat", "nbf", "exp", "aio", "c_hash", "uti", "nonce");
 
@@ -126,6 +127,16 @@ namespace OpenIdConnectSample
                     return;
                 }
 
+                if (context.Request.Path.Equals("/access-denied-from-remote"))
+                {
+                    await WriteHtmlAsync(response, async res =>
+                    {
+                        await res.WriteAsync($"<h1>Access Denied error received from the remote authorization server</h1>");
+                        await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
+                    });
+                    return;
+                }
+
                 if (context.Request.Path.Equals("/Account/AccessDenied"))
                 {
                     await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index b77a51ef4f..ff6bb3cbca 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -422,7 +422,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var returnUrl = properties.RedirectUri;
             if (string.IsNullOrEmpty(returnUrl))
             {
-                returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
+                returnUrl = OriginalPathBase + OriginalPath + Request.QueryString;
             }
             var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
             var redirectContext = new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, BuildRedirectUri(accessDeniedUri));
@@ -434,7 +434,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var redirectUri = properties.RedirectUri;
             if (string.IsNullOrEmpty(redirectUri))
             {
-                redirectUri = OriginalPathBase + Request.Path + Request.QueryString;
+                redirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
             }
 
             var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 808e0f9039..05ba4df68d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -63,6 +63,16 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             var error = query["error"];
             if (!StringValues.IsNullOrEmpty(error))
             {
+                // Note: access_denied errors are special protocol errors indicating the user didn't
+                // approve the authorization demand requested by the remote authorization server.
+                // Since it's a frequent scenario (that is not caused by incorrect configuration),
+                // denied errors are handled differently using HandleAccessDeniedErrorAsync().
+                // Visit https://tools.ietf.org/html/rfc6749#section-4.1.2.1 for more information.
+                if (StringValues.Equals(error, "access_denied"))
+                {
+                    return await HandleAccessDeniedErrorAsync(properties);
+                }
+
                 var failureMessage = new StringBuilder();
                 failureMessage.Append(error);
                 var errorDescription = query["error_description"];
@@ -194,7 +204,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
-                properties.RedirectUri = CurrentUri;
+                properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
             }
 
             // OAuth2 10.12 CSRF
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index 3c71f055f5..4eacbd0b30 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -3,11 +3,9 @@
 
 using System;
 using System.Collections.Generic;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Authentication.OAuth.Claims;
-using Microsoft.AspNetCore.Http.Authentication;
 using System.Globalization;
+using Microsoft.AspNetCore.Authentication.OAuth.Claims;
+using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 029cf541b7..8b0b72428a 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -186,7 +186,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 properties.RedirectUri = BuildRedirectUriIfRelative(Options.SignedOutRedirectUri);
                 if (string.IsNullOrWhiteSpace(properties.RedirectUri))
                 {
-                    properties.RedirectUri = CurrentUri;
+                    properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
                 }
             }
             Logger.PostSignOutRedirect(properties.RedirectUri);
@@ -312,7 +312,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             // 2. CurrentUri if RedirectUri is not set)
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
-                properties.RedirectUri = CurrentUri;
+                properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
             }
             Logger.PostAuthenticationLocalRedirect(properties.RedirectUri);
 
@@ -520,6 +520,16 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(authorizationResponse.Error))
                 {
+                    // Note: access_denied errors are special protocol errors indicating the user didn't
+                    // approve the authorization demand requested by the remote authorization server.
+                    // Since it's a frequent scenario (that is not caused by incorrect configuration),
+                    // denied errors are handled differently using HandleAccessDeniedErrorAsync().
+                    // Visit https://tools.ietf.org/html/rfc6749#section-4.1.2.1 for more information.
+                    if (string.Equals(authorizationResponse.Error, "access_denied", StringComparison.Ordinal))
+                    {
+                        return await HandleAccessDeniedErrorAsync(properties);
+                    }
+
                     return HandleRequestResult.Fail(CreateOpenIdConnectProtocolException(authorizationResponse, response: null), properties);
                 }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 51dabbd99c..cc8591ed32 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -55,12 +55,14 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             var properties = requestToken.Properties;
 
-            // REVIEW: see which of these are really errors
-
             var denied = query["denied"];
             if (!StringValues.IsNullOrEmpty(denied))
             {
-                return HandleRequestResult.Fail("The user denied permissions.", properties);
+                // Note: denied errors are special protocol errors indicating the user didn't
+                // approve the authorization demand requested by the remote authorization server.
+                // Since it's a frequent scenario (that is not caused by incorrect configuration),
+                // denied errors are handled differently using HandleAccessDeniedErrorAsync().
+                return await HandleAccessDeniedErrorAsync(properties);
             }
 
             var returnedToken = query["oauth_token"];
@@ -130,7 +132,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         {
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
-                properties.RedirectUri = CurrentUri;
+                properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
             }
 
             // If CallbackConfirmed is false, this will throw
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 03396807ee..269516ae1a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -2,8 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Claims;
 using System.Globalization;
+using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Http;
 
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
index e47f8431f9..c4bb8fff74 100644
--- a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
@@ -83,7 +83,7 @@ namespace Microsoft.AspNetCore.Authentication.WsFederation
             // Save the original challenge URI so we can redirect back to it when we're done.
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
-                properties.RedirectUri = CurrentUri;
+                properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
             }
 
             var wsFederationMessage = new WsFederationMessage()
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs
new file mode 100644
index 0000000000..f01d69453b
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs
@@ -0,0 +1,44 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Provides access denied failure context information to handler providers.
+    /// </summary>
+    public class AccessDeniedContext : HandleRequestContext<RemoteAuthenticationOptions>
+    {
+        public AccessDeniedContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            RemoteAuthenticationOptions options)
+            : base(context, scheme, options)
+        {
+        }
+
+        /// <summary>
+        /// Gets or sets the endpoint path the user agent will be redirected to.
+        /// By default, this property is set to <see cref="RemoteAuthenticationOptions.AccessDeniedPath"/>.
+        /// </summary>
+        public PathString AccessDeniedPath { get; set; }
+
+        /// <summary>
+        /// Additional state values for the authentication session.
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+
+        /// <summary>
+        /// Gets or sets the return URL that will be flowed up to the access denied page.
+        /// If <see cref="ReturnUrlParameter"/> is not set, this property is not used.
+        /// </summary>
+        public string ReturnUrl { get; set; }
+
+        /// <summary>
+        /// Gets or sets the parameter name that will be used to flow the return URL.
+        /// By default, this property is set to <see cref="RemoteAuthenticationOptions.ReturnUrlParameter"/>.
+        /// </summary>
+        public string ReturnUrlParameter { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
index ca0f4a5c01..be4c6ab49e 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -8,12 +8,18 @@ namespace Microsoft.AspNetCore.Authentication
 {
     public class RemoteAuthenticationEvents
     {
+        public Func<AccessDeniedContext, Task> OnAccessDenied { get; set; } = context => Task.CompletedTask;
         public Func<RemoteFailureContext, Task> OnRemoteFailure { get; set; } = context => Task.CompletedTask;
 
         public Func<TicketReceivedContext, Task> OnTicketReceived { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
-        /// Invoked when there is a remote failure
+        /// Invoked when an access denied error was returned by the remote server.
+        /// </summary>
+        public virtual Task AccessDenied(AccessDeniedContext context) => OnAccessDenied(context);
+
+        /// <summary>
+        /// Invoked when there is a remote failure.
         /// </summary>
         public virtual Task RemoteFailure(RemoteFailureContext context) => OnRemoteFailure(context);
 
diff --git a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
index 8cba6c0d5e..042bfabca3 100644
--- a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
@@ -7,17 +7,20 @@ namespace Microsoft.Extensions.Logging
 {
     internal static class LoggingExtensions
     {
-        private static Action<ILogger, string, Exception> _authSchemeAuthenticated;
-        private static Action<ILogger, string, Exception> _authSchemeNotAuthenticated;
-        private static Action<ILogger, string, string, Exception> _authSchemeNotAuthenticatedWithFailure;
-        private static Action<ILogger, string, Exception> _authSchemeChallenged;
-        private static Action<ILogger, string, Exception> _authSchemeForbidden;
-        private static Action<ILogger, string, Exception> _remoteAuthenticationError;
-        private static Action<ILogger, Exception> _signInHandled;
-        private static Action<ILogger, Exception> _signInSkipped;
-        private static Action<ILogger, string, Exception> _correlationPropertyNotFound;
-        private static Action<ILogger, string, Exception> _correlationCookieNotFound;
-        private static Action<ILogger, string, string, Exception> _unexpectedCorrelationCookieValue;
+        private static readonly Action<ILogger, string, Exception> _authSchemeAuthenticated;
+        private static readonly Action<ILogger, string, Exception> _authSchemeNotAuthenticated;
+        private static readonly Action<ILogger, string, string, Exception> _authSchemeNotAuthenticatedWithFailure;
+        private static readonly Action<ILogger, string, Exception> _authSchemeChallenged;
+        private static readonly Action<ILogger, string, Exception> _authSchemeForbidden;
+        private static readonly Action<ILogger, string, Exception> _remoteAuthenticationError;
+        private static readonly Action<ILogger, Exception> _signInHandled;
+        private static readonly Action<ILogger, Exception> _signInSkipped;
+        private static readonly Action<ILogger, string, Exception> _correlationPropertyNotFound;
+        private static readonly Action<ILogger, string, Exception> _correlationCookieNotFound;
+        private static readonly Action<ILogger, string, string, Exception> _unexpectedCorrelationCookieValue;
+        private static readonly Action<ILogger, Exception> _accessDeniedError;
+        private static readonly Action<ILogger, Exception> _accessDeniedContextHandled;
+        private static readonly Action<ILogger, Exception> _accessDeniedContextSkipped;
 
         static LoggingExtensions()
         {
@@ -65,6 +68,18 @@ namespace Microsoft.Extensions.Logging
                eventId: 16,
                logLevel: LogLevel.Warning,
                formatString: "The correlation cookie value '{CorrelationCookieName}' did not match the expected value '{CorrelationCookieValue}'.");
+            _accessDeniedError = LoggerMessage.Define(
+                eventId: 17,
+                logLevel: LogLevel.Information,
+                formatString: "Access was denied by the resource owner or by the remote server.");
+            _accessDeniedContextHandled = LoggerMessage.Define(
+                eventId: 18,
+                logLevel: LogLevel.Debug,
+                formatString: "The AccessDenied event returned Handled.");
+            _accessDeniedContextSkipped = LoggerMessage.Define(
+                eventId: 19,
+                logLevel: LogLevel.Debug,
+                formatString: "The AccessDenied event returned Skipped.");
         }
 
         public static void AuthenticationSchemeAuthenticated(this ILogger logger, string authenticationScheme)
@@ -121,5 +136,20 @@ namespace Microsoft.Extensions.Logging
         {
             _unexpectedCorrelationCookieValue(logger, cookieName, cookieValue, null);
         }
+
+        public static void AccessDeniedError(this ILogger logger)
+        {
+            _accessDeniedError(logger, null);
+        }
+
+        public static void AccessDeniedContextHandled(this ILogger logger)
+        {
+            _accessDeniedContextHandled(logger, null);
+        }
+
+        public static void AccessDeniedContextSkipped(this ILogger logger)
+        {
+            _accessDeniedContextSkipped(logger, null);
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index bea4895d62..c72583b5ce 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -5,6 +5,7 @@ using System;
 using System.Security.Cryptography;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -241,5 +242,48 @@ namespace Microsoft.AspNetCore.Authentication
 
             return true;
         }
+
+        protected virtual async Task<HandleRequestResult> HandleAccessDeniedErrorAsync(AuthenticationProperties properties)
+        {
+            Logger.AccessDeniedError();
+            var context = new AccessDeniedContext(Context, Scheme, Options)
+            {
+                AccessDeniedPath = Options.AccessDeniedPath,
+                Properties = properties,
+                ReturnUrl = properties?.RedirectUri,
+                ReturnUrlParameter = Options.ReturnUrlParameter
+            };
+            await Events.AccessDenied(context);
+
+            if (context.Result != null)
+            {
+                if (context.Result.Handled)
+                {
+                    Logger.AccessDeniedContextHandled();
+                }
+                else if (context.Result.Skipped)
+                {
+                    Logger.AccessDeniedContextSkipped();
+                }
+
+                return context.Result;
+            }
+
+            // If an access denied endpoint was specified, redirect the user agent.
+            // Otherwise, invoke the RemoteFailure event for further processing.
+            if (context.AccessDeniedPath.HasValue)
+            {
+                string uri = context.AccessDeniedPath;
+                if (!string.IsNullOrEmpty(context.ReturnUrlParameter) && !string.IsNullOrEmpty(context.ReturnUrl))
+                {
+                    uri = QueryHelpers.AddQueryString(uri, context.ReturnUrlParameter, context.ReturnUrl);
+                }
+                Response.Redirect(uri);
+
+                return HandleRequestResult.Handle();
+            }
+
+            return HandleRequestResult.Fail("Access was denied by the resource owner or by the remote server.", properties);
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index 1bd3b210e5..188b7a9917 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -89,6 +89,22 @@ namespace Microsoft.AspNetCore.Authentication
         /// </summary>
         public PathString CallbackPath { get; set; }
 
+        /// <summary>
+        /// Gets or sets the optional path the user agent is redirected to if the user
+        /// doesn't approve the authorization demand requested by the remote server.
+        /// This property is not set by default. In this case, an exception is thrown
+        /// if an access_denied response is returned by the remote authorization server.
+        /// </summary>
+        public PathString AccessDeniedPath { get; set; }
+
+        /// <summary>
+        /// Gets or sets the name of the parameter used to convey the original location
+        /// of the user before the remote challenge was triggered up to the access denied page.
+        /// This property is only used when the <see cref="AccessDeniedPath"/> is explicitly specified.
+        /// </summary>
+        // Note: this deliberately matches the default parameter name used by the cookie handler.
+        public string ReturnUrlParameter { get; set; } = "ReturnUrl";
+
         /// <summary>
         /// Gets or sets the authentication scheme corresponding to the middleware
         /// responsible of persisting user's identity after a successful authentication.
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 19d7d898b7..ce158eaf20 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -357,6 +357,70 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Equal("The oauth state was missing or invalid.", error.GetBaseException().Message);
         }
 
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ReplyPathWithAccessDeniedErrorFails(bool redirect)
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = new TestStateDataFormat();
+                o.Events = redirect ? new OAuthEvents()
+                {
+                    OnAccessDenied = ctx =>
+                    {
+                        ctx.Response.Redirect("/error?FailureMessage=AccessDenied");
+                        ctx.HandleResponse();
+                        return Task.FromResult(0);
+                    }
+                } : new OAuthEvents();
+            });
+            var sendTask = server.SendAsync("https://example.com/signin-google?error=access_denied&error_description=SoBad&error_uri=foobar&state=protected_state",
+                ".AspNetCore.Correlation.Google.correlationId=N");
+            if (redirect)
+            {
+                var transaction = await sendTask;
+                Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+                Assert.Equal("/error?FailureMessage=AccessDenied", transaction.Response.Headers.GetValues("Location").First());
+            }
+            else
+            {
+                var error = await Assert.ThrowsAnyAsync<Exception>(() => sendTask);
+                Assert.Equal("Access was denied by the resource owner or by the remote server.", error.GetBaseException().Message);
+            }
+        }
+
+        [Fact]
+        public async Task ReplyPathWithAccessDeniedError_AllowsCustomizingPath()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = new TestStateDataFormat();
+                o.AccessDeniedPath = "/access-denied";
+                o.Events = new OAuthEvents()
+                {
+                    OnAccessDenied = ctx =>
+                    {
+                        Assert.Equal("/access-denied", ctx.AccessDeniedPath.Value);
+                        Assert.Equal("http://testhost/redirect", ctx.ReturnUrl);
+                        Assert.Equal("ReturnUrl", ctx.ReturnUrlParameter);
+                        ctx.AccessDeniedPath = "/custom-denied-page";
+                        ctx.ReturnUrl = "http://www.google.com/";
+                        ctx.ReturnUrlParameter = "rurl";
+                        return Task.FromResult(0);
+                    }
+                };
+            });
+            var transaction = await server.SendAsync("https://example.com/signin-google?error=access_denied&error_description=SoBad&error_uri=foobar&state=protected_state",
+                ".AspNetCore.Correlation.Google.correlationId=N");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/custom-denied-page?rurl=http%3A%2F%2Fwww.google.com%2F", transaction.Response.Headers.GetValues("Location").First());
+        }
+
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
@@ -378,7 +442,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 } : new OAuthEvents();
             });
             var sendTask = server.SendAsync("https://example.com/signin-google?error=OMG&error_description=SoBad&error_uri=foobar&state=protected_state",
-                ".AspNetCore.Correlation.Google.corrilationId=N");
+                ".AspNetCore.Correlation.Google.correlationId=N");
             if (redirect)
             {
                 var transaction = await sendTask;
@@ -1205,7 +1269,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 Assert.Equal("protected_state", protectedText);
                 var properties = new AuthenticationProperties(new Dictionary<string, string>()
                 {
-                    { ".xsrf", "corrilationId" },
+                    { ".xsrf", "correlationId" },
                     { "testkey", "testvalue" }
                 });
                 properties.RedirectUri = "http://testhost/redirect";
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 87131b8d7b..838798ceaf 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -251,6 +251,101 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             o.CallbackPath = "/oauth-callback";
         }
 
+        [Fact]
+        public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySet()
+        {
+            var server = CreateServer(
+                s => s.AddAuthentication().AddOAuth(
+                    "Weblie",
+                    opt =>
+                    {
+                        opt.ClientId = "Test Id";
+                        opt.ClientSecret = "secret";
+                        opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        opt.AuthorizationEndpoint = "https://example.com/provider/login";
+                        opt.TokenEndpoint = "https://example.com/provider/token";
+                        opt.CallbackPath = "/oauth-callback";
+                        opt.AccessDeniedPath = "/access-denied";
+                        opt.StateDataFormat = new TestStateDataFormat();
+                        opt.Events.OnRemoteFailure = context => throw new InvalidOperationException("This event should not be called.");
+                    }));
+
+            var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=access_denied&state=protected_state",
+                ".AspNetCore.Correlation.Weblie.correlationId=N");
+
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/access-denied?ReturnUrl=http%3A%2F%2Ftesthost%2Fredirect", transaction.Response.Headers.Location.ToString());
+        }
+
+        [Fact]
+        public async Task HandleRequestAsync_InvokesAccessDeniedEvent()
+        {
+            var server = CreateServer(
+                s => s.AddAuthentication().AddOAuth(
+                    "Weblie",
+                    opt =>
+                    {
+                        opt.ClientId = "Test Id";
+                        opt.ClientSecret = "secret";
+                        opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        opt.AuthorizationEndpoint = "https://example.com/provider/login";
+                        opt.TokenEndpoint = "https://example.com/provider/token";
+                        opt.CallbackPath = "/oauth-callback";
+                        opt.StateDataFormat = new TestStateDataFormat();
+                        opt.Events = new OAuthEvents()
+                        {
+                            OnAccessDenied = context =>
+                            {
+                                Assert.Equal("testvalue", context.Properties.Items["testkey"]);
+                                context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
+                                context.HandleResponse();
+                                return Task.CompletedTask;
+                            }
+                        };
+                    }));
+
+            var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=access_denied&state=protected_state",
+                ".AspNetCore.Correlation.Weblie.correlationId=N");
+
+            Assert.Equal(HttpStatusCode.NotAcceptable, transaction.Response.StatusCode);
+            Assert.Null(transaction.Response.Headers.Location);
+        }
+
+        [Fact]
+        public async Task HandleRequestAsync_InvokesRemoteFailureEventWhenAccessDeniedPathIsNotExplicitlySet()
+        {
+            var server = CreateServer(
+                s => s.AddAuthentication().AddOAuth(
+                    "Weblie",
+                    opt =>
+                    {
+                        opt.ClientId = "Test Id";
+                        opt.ClientSecret = "secret";
+                        opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        opt.AuthorizationEndpoint = "https://example.com/provider/login";
+                        opt.TokenEndpoint = "https://example.com/provider/token";
+                        opt.CallbackPath = "/oauth-callback";
+                        opt.StateDataFormat = new TestStateDataFormat();
+                        opt.Events = new OAuthEvents()
+                        {
+                            OnRemoteFailure = context =>
+                            {
+                                Assert.Equal("Access was denied by the resource owner or by the remote server.", context.Failure.Message);
+                                Assert.Equal("testvalue", context.Properties.Items["testkey"]);
+                                context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
+                                context.HandleResponse();
+                                return Task.CompletedTask;
+                            }
+                        };
+                    }));
+
+            var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=access_denied&state=protected_state",
+                ".AspNetCore.Correlation.Weblie.correlationId=N");
+
+            Assert.Equal(HttpStatusCode.NotAcceptable, transaction.Response.StatusCode);
+            Assert.Null(transaction.Response.Headers.Location);
+        }
+
         [Fact]
         public async Task RemoteAuthenticationFailed_OAuthError_IncludesProperties()
         {
@@ -270,7 +365,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                         {
                             OnRemoteFailure = context =>
                             {
-                                Assert.Contains("declined", context.Failure.Message);
+                                Assert.Contains("custom_error", context.Failure.Message);
                                 Assert.Equal("testvalue", context.Properties.Items["testkey"]);
                                 context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
                                 context.HandleResponse();
@@ -279,8 +374,8 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                         };
                     }));
 
-            var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=declined&state=protected_state",
-                ".AspNetCore.Correlation.Weblie.corrilationId=N");
+            var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=custom_error&state=protected_state",
+                ".AspNetCore.Correlation.Weblie.correlationId=N");
 
             Assert.Equal(HttpStatusCode.NotAcceptable, transaction.Response.StatusCode);
             Assert.Null(transaction.Response.Headers.Location);
@@ -323,7 +418,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 Assert.Equal("protected_state", protectedText);
                 var properties = new AuthenticationProperties(new Dictionary<string, string>()
                 {
-                    { ".xsrf", "corrilationId" },
+                    { ".xsrf", "correlationId" },
                     { "testkey", "testvalue" }
                 });
                 properties.RedirectUri = "http://testhost/redirect";
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
index 7530b00c31..090bf3dec4 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -783,6 +783,52 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             events.ValidateExpectations();
         }
 
+        [Fact]
+        public async Task OnAccessDenied_Skip_NoMoreEventsRun()
+        {
+            var events = new ExpectedOidcEvents()
+            {
+                ExpectMessageReceived = true,
+                ExpectAccessDenied = true
+            };
+            events.OnAccessDenied = context =>
+            {
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
+
+            var response = await PostAsync(server, "signin-oidc", "error=access_denied&state=protected_state");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            events.ValidateExpectations();
+        }
+
+        [Fact]
+        public async Task OnAccessDenied_Handled_NoMoreEventsRun()
+        {
+            var events = new ExpectedOidcEvents()
+            {
+                ExpectMessageReceived = true,
+                ExpectAccessDenied = true
+            };
+            events.OnAccessDenied = context =>
+            {
+                Assert.Equal("testvalue", context.Properties.Items["testkey"]);
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "error=access_denied&state=protected_state");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            events.ValidateExpectations();
+        }
+
         [Fact]
         public async Task OnRemoteFailure_Skip_NoMoreEventsRun()
         {
@@ -1099,6 +1145,9 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             public bool ExpectTokenValidated { get; set; }
             public bool InvokedTokenValidated { get; set; }
 
+            public bool ExpectAccessDenied { get; set; }
+            public bool InvokedAccessDenied { get; set; }
+
             public bool ExpectRemoteFailure { get; set; }
             public bool InvokedRemoteFailure { get; set; }
 
@@ -1168,6 +1217,12 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 return base.TicketReceived(context);
             }
 
+            public override Task AccessDenied(AccessDeniedContext context)
+            {
+                InvokedAccessDenied = true;
+                return base.AccessDenied(context);
+            }
+
             public override Task RemoteFailure(RemoteFailureContext context)
             {
                 InvokedRemoteFailure = true;
@@ -1201,6 +1256,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 Assert.Equal(ExpectUserInfoReceived, InvokedUserInfoReceived);
                 Assert.Equal(ExpectAuthenticationFailed, InvokeAuthenticationFailed);
                 Assert.Equal(ExpectTicketReceived, InvokedTicketReceived);
+                Assert.Equal(ExpectAccessDenied, InvokedAccessDenied);
                 Assert.Equal(ExpectRemoteFailure, InvokedRemoteFailure);
                 Assert.Equal(ExpectRedirectForSignOut, InvokedRedirectForSignOut);
                 Assert.Equal(ExpectRemoteSignOut, InvokedRemoteSignOut);
@@ -1248,7 +1304,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         private Task<HttpResponseMessage> PostAsync(TestServer server, string path, string form)
         {
             var client = server.CreateClient();
-            var cookie = ".AspNetCore.Correlation." + OpenIdConnectDefaults.AuthenticationScheme + ".corrilationId=N";
+            var cookie = ".AspNetCore.Correlation." + OpenIdConnectDefaults.AuthenticationScheme + ".correlationId=N";
             client.DefaultRequestHeaders.Add("Cookie", cookie);
             return client.PostAsync("signin-oidc",
                 new StringContent(form, Encoding.ASCII, "application/x-www-form-urlencoded"));
@@ -1273,7 +1329,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 Assert.Equal("protected_state", protectedText);
                 var properties = new AuthenticationProperties(new Dictionary<string, string>()
                 {
-                    { ".xsrf", "corrilationId" },
+                    { ".xsrf", "correlationId" },
                     { OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, "redirect_uri" },
                     { "testkey", "testvalue" }
                 });
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index c438b1f3f7..8eb7a5cd7d 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -174,6 +174,94 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
         }
 
+        [Fact]
+        public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySet()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = BackchannelRequestToken
+                };
+                o.AccessDeniedPath = "/access-denied";
+                o.Events.OnRemoteFailure = context => throw new InvalidOperationException("This event should not be called.");
+            },
+            async context =>
+            {
+                var properties = new AuthenticationProperties();
+                properties.Items["testkey"] = "testvalue";
+                await context.ChallengeAsync("Twitter", properties);
+                return true;
+            });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
+            Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
+            Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
+            Assert.Single(setCookieValues);
+            var setCookieValue = setCookieValues.Single();
+            var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
+
+            var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
+            request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
+            var client = server.CreateClient();
+            var response = await client.SendAsync(request);
+
+            Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
+            Assert.Equal("/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());
+        }
+
+        [Fact]
+        public async Task BadCallbackCallsAccessDeniedWithState()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = BackchannelRequestToken
+                };
+                o.Events = new TwitterEvents()
+                {
+                    OnAccessDenied = context =>
+                    {
+                        Assert.NotNull(context.Properties);
+                        Assert.Equal("testvalue", context.Properties.Items["testkey"]);
+                        context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
+                        context.HandleResponse();
+                        return Task.CompletedTask;
+                    }
+                };
+            },
+            async context =>
+            {
+                var properties = new AuthenticationProperties();
+                properties.Items["testkey"] = "testvalue";
+                await context.ChallengeAsync("Twitter", properties);
+                return true;
+            });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
+            Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
+            Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
+            Assert.Single(setCookieValues);
+            var setCookieValue = setCookieValues.Single();
+            var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
+
+            var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
+            request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
+            var client = server.CreateClient();
+            var response = await client.SendAsync(request);
+
+            Assert.Equal(HttpStatusCode.NotAcceptable, response.StatusCode);
+        }
+
         [Fact]
         public async Task BadCallbackCallsRemoteAuthFailedWithState()
         {
@@ -190,7 +278,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                     OnRemoteFailure = context =>
                     {
                         Assert.NotNull(context.Failure);
-                        Assert.Equal("The user denied permissions.", context.Failure.Message);
+                        Assert.Equal("Access was denied by the resource owner or by the remote server.", context.Failure.Message);
                         Assert.NotNull(context.Properties);
                         Assert.Equal("testvalue", context.Properties.Items["testkey"]);
                         context.Response.StatusCode = StatusCodes.Status406NotAcceptable;

From d1ee5a22fbda54fc2352d937d7064b451a95b72a Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Fri, 16 Nov 2018 14:25:30 -0800
Subject: [PATCH 27/30] Remove obsolete apis (#1915)

---
 .../CookieAuthenticationOptions.cs            | 63 -------------------
 .../breakingchanges.netcore.json              | 52 +++++++++++++++
 .../JwtBearerHandler.cs                       |  2 +-
 .../breakingchanges.netcore.json              |  7 +++
 ...thenticationServiceCollectionExtensions.cs | 42 -------------
 .../breakingchanges.netcore.json              | 22 +++++++
 .../AuthorizeAttribute.cs                     | 10 ---
 7 files changed, 82 insertions(+), 116 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 35017f9c4d..78156caecc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -147,68 +147,5 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </para>
         /// </summary>
         public TimeSpan ExpireTimeSpan { get; set; }
-
-        #region Obsolete API
-        /// <summary>
-        /// <para>
-        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Name"/> on <see cref="Cookie"/>.
-        /// </para>
-        /// <para>
-        /// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies".
-        /// This value should be changed if you change the name of the AuthenticationScheme, especially if your
-        /// system uses the cookie authentication handler multiple times.
-        /// </para>
-        /// </summary>
-        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Name) + ".")]
-        public string CookieName { get => Cookie.Name; set => Cookie.Name = value; }
-
-        /// <summary>
-        /// <para>
-        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Domain"/> on <see cref="Cookie"/>.
-        /// </para>
-        /// <para>
-        /// Determines the domain used to create the cookie. Is not provided by default.
-        /// </para>
-        /// </summary>
-        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")]
-        public string CookieDomain { get => Cookie.Domain; set => Cookie.Domain = value; }
-
-        /// <summary>
-        /// <para>
-        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Path"/> on <see cref="Cookie"/>.
-        /// </para>
-        /// <para>
-        /// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility.
-        /// </para>
-        /// </summary>
-        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Path) + ".")]
-        public string CookiePath { get => Cookie.Path; set => Cookie.Path = value; }
-
-        /// <summary>
-        /// <para>
-        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.HttpOnly"/> on <see cref="Cookie"/>.
-        /// </para>
-        /// <para>
-        /// Determines if the browser should allow the cookie to be accessed by client-side javascript. The
-        /// default is true, which means the cookie will only be passed to http requests and is not made available
-        /// to script on the page.
-        /// </para>
-        /// </summary>
-        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.HttpOnly) + ".")]
-        public bool CookieHttpOnly { get => Cookie.HttpOnly; set => Cookie.HttpOnly = value; }
-
-        /// <summary>
-        /// <para>
-        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.SecurePolicy"/> on <see cref="Cookie"/>.
-        /// </para>
-        /// <para>
-        /// Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie
-        /// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
-        /// and portions of your site are HTTP you may need to change this value.
-        /// </para>
-        /// </summary>
-        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")]
-        public CookieSecurePolicy CookieSecure { get => Cookie.SecurePolicy; set => Cookie.SecurePolicy = value; }
-        #endregion
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
new file mode 100644
index 0000000000..7a1ab79625
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
@@ -0,0 +1,52 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public Microsoft.AspNetCore.Http.CookieSecurePolicy get_CookieSecure()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.Boolean get_CookieHttpOnly()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.String get_CookieDomain()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.String get_CookieName()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.String get_CookiePath()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.Void set_CookieDomain(System.String value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.Void set_CookieHttpOnly(System.Boolean value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.Void set_CookieName(System.String value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.Void set_CookiePath(System.String value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "MemberId": "public System.Void set_CookieSecure(Microsoft.AspNetCore.Http.CookieSecurePolicy value)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 452d9639f4..4f03ccd69a 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
     {
         private OpenIdConnectConfiguration _configuration;
 
-        public JwtBearerHandler(IOptionsMonitor<JwtBearerOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+        public JwtBearerHandler(IOptionsMonitor<JwtBearerOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         { }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
new file mode 100644
index 0000000000..d17003a80a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
@@ -0,0 +1,7 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>",
+      "MemberId": "public .ctor(Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions> options, Microsoft.Extensions.Logging.ILoggerFactory logger, System.Text.Encodings.Web.UrlEncoder encoder, Microsoft.AspNetCore.DataProtection.IDataProtectionProvider dataProtection, Microsoft.AspNetCore.Authentication.ISystemClock clock)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index b274eaace4..6c381b84ab 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -46,48 +46,6 @@ namespace Microsoft.Extensions.DependencyInjection
             return builder;
         }
 
-        [Obsolete("AddScheme is obsolete. Use AddAuthentication().AddScheme instead.")]
-        public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<AuthenticationSchemeBuilder> configureScheme, Action<TOptions> configureOptions)
-            where TOptions : AuthenticationSchemeOptions, new()
-            where THandler : AuthenticationHandler<TOptions>
-        {
-            services.AddAuthentication(o =>
-            {
-                o.AddScheme(authenticationScheme, scheme => {
-                    scheme.HandlerType = typeof(THandler);
-                    scheme.DisplayName = displayName;
-                    configureScheme?.Invoke(scheme);
-                });
-            });
-            if (configureOptions != null)
-            {
-                services.Configure(authenticationScheme, configureOptions);
-            }
-            services.AddTransient<THandler>();
-            return services;
-        }
-
-        [Obsolete("AddScheme is obsolete. Use AddAuthentication().AddScheme instead.")]
-        public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)
-            where TOptions : AuthenticationSchemeOptions, new()
-            where THandler : AuthenticationHandler<TOptions>
-            => services.AddScheme<TOptions, THandler>(authenticationScheme, displayName: null, configureScheme: null, configureOptions: configureOptions);
-
-        [Obsolete("AddScheme is obsolete. Use AddAuthentication().AddScheme instead.")]
-        public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<TOptions> configureOptions)
-            where TOptions : AuthenticationSchemeOptions, new()
-            where THandler : AuthenticationHandler<TOptions>
-            => services.AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureScheme: null, configureOptions: configureOptions);
-
-        [Obsolete("AddScheme is obsolete. Use AddAuthentication().AddScheme instead.")]
-        public static IServiceCollection AddRemoteScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<TOptions> configureOptions)
-            where TOptions : RemoteAuthenticationOptions, new()
-            where THandler : RemoteAuthenticationHandler<TOptions>
-        {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, EnsureSignInScheme<TOptions>>());
-            return services.AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureScheme: null, configureOptions: configureOptions);
-        }
-
         // Used to ensure that there's always a sign in scheme
         private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
         {
diff --git a/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
new file mode 100644
index 0000000000..d5bc6954ef
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
@@ -0,0 +1,22 @@
+  [
+    {
+      "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
+      "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddRemoteScheme<T0, T1>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.String authenticationScheme, System.String displayName, System.Action<T0> configureOptions) where T0 : Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions, new() where T1 : Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
+      "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddScheme<T0, T1>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.String authenticationScheme, System.Action<T0> configureOptions) where T0 : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, new() where T1 : Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
+      "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddScheme<T0, T1>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.String authenticationScheme, System.String displayName, System.Action<Microsoft.AspNetCore.Authentication.AuthenticationSchemeBuilder> configureScheme, System.Action<T0> configureOptions) where T0 : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, new() where T1 : Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
+      "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddScheme<T0, T1>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.String authenticationScheme, System.String displayName, System.Action<T0> configureOptions) where T0 : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, new() where T1 : Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
index 63bfa30d45..b1f0f8bae0 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
@@ -39,15 +39,5 @@ namespace Microsoft.AspNetCore.Authorization
         /// Gets or sets a comma delimited list of schemes from which user information is constructed.
         /// </summary>
         public string AuthenticationSchemes { get; set; }
-
-        /// <summary>
-        /// Gets or sets a comma delimited list of schemes from which user information is constructed.
-        /// </summary>
-        [Obsolete("Use AuthenticationSchemes instead.", error: false)]
-        public string ActiveAuthenticationSchemes
-        {
-            get => AuthenticationSchemes;
-            set => AuthenticationSchemes = value;
-        }
     }
 }

From e0538784647990905f9c5fdc5bc2f0e5c7388909 Mon Sep 17 00:00:00 2001
From: Nate McMaster <natemcmaster@users.noreply.github.com>
Date: Mon, 19 Nov 2018 09:47:07 -0800
Subject: [PATCH 28/30] Upgrade packages and projects to target netcoreapp3.0
 (aspnet/Security#1916)

Changes:

* Upgrade dependencies and build tools
* Change TFM on Microsoft.AspNetCore.* packages to netcoreapp3.0
* Remove .NET Framework tests
* Disable Owin interop tests. They need to be completely refactored
---
 Directory.Build.targets                       |  6 +-
 ...oft.AspNetCore.Security.Performance.csproj |  2 +-
 build/dependencies.props                      | 64 +++++++++----------
 build/repo.props                              |  7 +-
 korebuild-lock.txt                            |  4 +-
 .../CookiePolicySample.csproj                 |  2 +-
 samples/CookieSample/CookieSample.csproj      |  2 +-
 .../CookieSessionSample.csproj                |  2 +-
 .../JwtBearerSample/JwtBearerSample.csproj    |  2 +-
 .../OpenIdConnect.AzureAdSample.csproj        |  2 +-
 .../OpenIdConnectSample.csproj                |  2 +-
 samples/SocialSample/SocialSample.csproj      |  2 +-
 samples/WsFedSample/WsFedSample.csproj        |  2 +-
 ...t.AspNetCore.Authentication.Cookies.csproj |  2 +-
 ....AspNetCore.Authentication.Facebook.csproj |  2 +-
 ...ft.AspNetCore.Authentication.Google.csproj |  2 +-
 ...AspNetCore.Authentication.JwtBearer.csproj |  2 +-
 ...ore.Authentication.MicrosoftAccount.csproj |  2 +-
 ...oft.AspNetCore.Authentication.OAuth.csproj |  2 +-
 ...etCore.Authentication.OpenIdConnect.csproj |  2 +-
 ...t.AspNetCore.Authentication.Twitter.csproj |  2 +-
 ...NetCore.Authentication.WsFederation.csproj |  2 +-
 ...Microsoft.AspNetCore.Authentication.csproj |  2 +-
 ...oft.AspNetCore.Authorization.Policy.csproj |  2 +-
 .../Microsoft.AspNetCore.Authorization.csproj |  2 +-
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |  2 +-
 test/Directory.Build.props                    |  7 --
 ...soft.AspNetCore.Authentication.Test.csproj |  2 +-
 ...osoft.AspNetCore.Authorization.Test.csproj |  2 +-
 ....ChunkingCookieManager.Sources.Test.csproj |  2 +-
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |  2 +-
 .../CookieInteropTests.cs                     |  5 ++
 ...icrosoft.Owin.Security.Interop.Test.csproj |  3 +-
 .../TicketInteropTests.cs                     |  3 +
 34 files changed, 71 insertions(+), 80 deletions(-)

diff --git a/Directory.Build.targets b/Directory.Build.targets
index 78626b773e..7e3f8df92e 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -1,10 +1,6 @@
 <Project>
   <PropertyGroup>
-    <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
-    <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.1' ">$(MicrosoftNETCoreApp21PackageVersion)</RuntimeFrameworkVersion>
-    <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.2' ">$(MicrosoftNETCoreApp22PackageVersion)</RuntimeFrameworkVersion>
+    <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp3.0' ">$(MicrosoftNETCoreAppPackageVersion)</RuntimeFrameworkVersion>
     <NETStandardImplicitPackageVersion Condition=" '$(TargetFramework)' == 'netstandard2.0' ">$(NETStandardLibrary20PackageVersion)</NETStandardImplicitPackageVersion>
-    <!-- aspnet/BuildTools#662 Don't police what version of NetCoreApp we use -->
-    <NETCoreAppMaximumVersion>99.9</NETCoreAppMaximumVersion>
   </PropertyGroup>
 </Project>
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj b/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
index 7226b64be5..2f16dd6699 100644
--- a/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
+++ b/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.2</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <OutputType>Exe</OutputType>
     <ServerGarbageCollection>true</ServerGarbageCollection>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
diff --git a/build/dependencies.props b/build/dependencies.props
index 230a942c0c..163a3d4004 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,42 +4,40 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <BenchmarkDotNetPackageVersion>0.10.13</BenchmarkDotNetPackageVersion>
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-alpha1-20181004.7</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>3.0.0-alpha1-10657</MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpAbstractionsPackageVersion>3.0.0-a-alpha1-endpoint-extensions-namespace-16778</MicrosoftAspNetCoreHttpAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreRoutingPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreRoutingPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10706</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-preview-181105-05</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-preview-181105-05</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-preview-181105-05</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-preview-181105-05</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-alpha1-10706</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-build-20181114.5</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>3.0.0-preview-181113-11</MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpAbstractionsPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreHttpAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreRoutingPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreRoutingPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>3.0.0-preview-181113-11</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.19.8</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.3.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.3.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
-    <MicrosoftNETCoreApp20PackageVersion>2.0.9</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.3</MicrosoftNETCoreApp21PackageVersion>
-    <MicrosoftNETCoreApp22PackageVersion>2.2.0-rtm-27105-02</MicrosoftNETCoreApp22PackageVersion>
+    <MicrosoftNETCoreAppPackageVersion>3.0.0-preview1-26907-05</MicrosoftNETCoreAppPackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/build/repo.props b/build/repo.props
index 6fc6af601d..4402da1d0d 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,9 +1,6 @@
 <Project>
   <Import Project="dependencies.props" />
 
-  <ItemGroup>
-    <ExcludeFromTest Include="$(RepositoryRoot)test\Microsoft.Owin.Security.Interop.Test\*.csproj" Condition="'$(OS)' != 'Windows_NT'" />
-  </ItemGroup>
   <PropertyGroup>
     <!-- These properties are use by the automation that updates dependencies.props -->
     <LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
@@ -11,8 +8,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <DotNetCoreRuntime Include="$(MicrosoftNETCoreApp20PackageVersion)" />
-    <DotNetCoreRuntime Include="$(MicrosoftNETCoreApp21PackageVersion)" />
-    <DotNetCoreRuntime Include="$(MicrosoftNETCoreApp22PackageVersion)" />
+    <DotNetCoreRuntime Include="$(MicrosoftNETCoreAppPackageVersion)" />
   </ItemGroup>
 </Project>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 591cfd52ff..73613543d0 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:3.0.0-alpha1-20181004.7
-commithash:27fabdaf2b1d4753c3d2749581694ca65d78f7f2
+version:3.0.0-build-20181114.5
+commithash:880e9a204d4ee4a18dfd83c9fb05a192a28bca60
diff --git a/samples/CookiePolicySample/CookiePolicySample.csproj b/samples/CookiePolicySample/CookiePolicySample.csproj
index 48227eb07c..010edb018e 100644
--- a/samples/CookiePolicySample/CookiePolicySample.csproj
+++ b/samples/CookiePolicySample/CookiePolicySample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 1029f18193..bc92d68a21 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index 19bd043746..6230c98a53 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 3e0192a233..58bf5e2d97 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
  </PropertyGroup>
 
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 2abd57cd89..61754b60bf 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index bb02ef1595..137ee47ba2 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index a08b9799d1..e1e2262b0d 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/WsFedSample/WsFedSample.csproj b/samples/WsFedSample/WsFedSample.csproj
index 4fb38fa3e3..e1191ac811 100644
--- a/samples/WsFedSample/WsFedSample.csproj
+++ b/samples/WsFedSample/WsFedSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index b188a58e08..093f60a3de 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to use cookie based authentication.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <DefineConstants>$(DefineConstants);SECURITY</DefineConstants>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 62aee1367f..f57fe26e0c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index de8867f91a..eba5b98adf 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index e5bae5a3da..8a26c58f34 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 0eddc6f764..1841157c94 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 5c8a5e3a96..97d4a97036 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index b7f4c1704a..65ca6b8429 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index f720d08f04..4f2aae6168 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj b/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
index 4edb55cb35..ae4d52aff4 100644
--- a/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the WsFederation authentication workflow.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 7e3ce4eb39..9ae0a7bccc 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core common types used by the various authentication middleware components.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
index aba88dd50c..d3ad99a511 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core authorization policy helper classes.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591;NU1605</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authorization</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index ac4aa6c320..9192ac8cfa 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -5,7 +5,7 @@
 Commonly used types:
 Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute
 Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authorization</PackageTags>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 40f97633ae..81760d50ab 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core cookie policy classes to control the behavior of cookies.</Description>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore</PackageTags>
diff --git a/test/Directory.Build.props b/test/Directory.Build.props
index e3d2d9f143..c42d54465f 100644
--- a/test/Directory.Build.props
+++ b/test/Directory.Build.props
@@ -1,13 +1,6 @@
 <Project>
   <Import Project="..\Directory.Build.props" />
 
-  <PropertyGroup>
-    <DeveloperBuildTestTfms>netcoreapp2.2</DeveloperBuildTestTfms>
-    <StandardTestTfms>$(DeveloperBuildTestTfms)</StandardTestTfms>
-    <StandardTestTfms Condition=" '$(DeveloperBuild)' != 'true' ">$(StandardTestTfms)</StandardTestTfms>
-    <StandardTestTfms Condition=" '$(DeveloperBuild)' != 'true' AND '$(OS)' == 'Windows_NT' ">$(StandardTestTfms);net461</StandardTestTfms>
-  </PropertyGroup>
-
   <ItemGroup>
     <PackageReference Include="Internal.AspNetCore.Sdk" PrivateAssets="All" Version="$(InternalAspNetCoreSdkPackageVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(MicrosoftAspNetCoreTestingPackageVersion)" />
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 6c8d518ffa..c7a3808682 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 40a8fff128..9ff42a070c 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <NoWarn>$(NoWarn);NU1605</NoWarn>
   </PropertyGroup>
 
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 20cd400ce7..2f38abff90 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index d7a42f3efb..3dc3df2e22 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
+    <TargetFramework>netcoreapp3.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index e2e4fd7d07..24bf09722c 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -1,6 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+/* See https://github.com/aspnet/AspNetCore/issues/4074.
+
+This test is was disabled as a part of changing frameworks. This test will need to be re-written using separate .NET Core and .NET Framework processes.
+
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -330,3 +334,4 @@ namespace Microsoft.Owin.Security.Interop
     }
 }
 
+*/
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index f369f1f01a..57b224ef68 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -2,10 +2,11 @@
 
   <PropertyGroup>
     <TargetFramework>net461</TargetFramework>
+    <!-- Temporarily disables tests for this project. They need to be refactored now that aspnetcore only supports netcoreapp3.0. -->
+    <IsTestProject>false</IsTestProject>
   </PropertyGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj" />
   </ItemGroup>
 
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
index 769adc015b..ccff1e9367 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+/*
+
 using System;
 using System.Linq;
 using System.Security.Claims;
@@ -87,5 +89,6 @@ namespace Microsoft.Owin.Security.Interop.Test
         }
     }
 }
+*/
 
 

From 26d27d871b7992022c082dc207e3d126e1d9d278 Mon Sep 17 00:00:00 2001
From: Nate McMaster <natemcmaster@users.noreply.github.com>
Date: Wed, 21 Nov 2018 16:05:52 -0800
Subject: [PATCH 29/30] Update README.md

---
 README.md | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index e8e64c2936..66c2aa45e8 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,7 @@
-ASP.NET Security
-========
+ASP.NET Security [Archived]
+===========================
 
-AppVeyor: [![AppVeyor](https://ci.appveyor.com/api/projects/status/fujhh8n956v5ohfd/branch/dev?svg=true)](https://ci.appveyor.com/project/aspnetci/Security/branch/dev)
-
-Travis:   [![Travis](https://travis-ci.org/aspnet/Security.svg?branch=dev)](https://travis-ci.org/aspnet/Security)
+**This GitHub project has been archived.** Ongoing development on this project can be found in <https://github.com/aspnet/AspNetCore>.
 
 Contains the security and authorization middlewares for ASP.NET Core.
 
@@ -14,4 +12,4 @@ A list of community projects related to authentication and security for ASP.NET
 ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration.
 
 
-This project is part of ASP.NET Core. You can find samples, documentation and getting started instructions for ASP.NET Core at the [Home](https://github.com/aspnet/home) repo.
+This project is part of ASP.NET Core. You can find samples, documentation and getting started instructions for ASP.NET Core at the [AspNetCore](https://github.com/aspnet/AspNetCore) repo.

From 30572ac74a76e20b48ec66e747f81f71d2784814 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Mon, 26 Nov 2018 12:19:01 -0800
Subject: [PATCH 30/30] Reorganize source code in preparation to move into
 aspnet/AspNetCore Prior to reorganization, this source code was found in
 https://github.com/aspnet/Security/tree/26d27d871b7992022c082dc207e3d126e1d9d278

---
 .appveyor.yml                                 |  17 --
 .gitattributes                                |  51 ----
 .travis.yml                                   |  27 --
 .vsts-pipelines/builds/ci-internal.yml        |  13 -
 .vsts-pipelines/builds/ci-public.yml          |  15 -
 CONTRIBUTING.md                               |   4 -
 LICENSE.txt                                   | 201 --------------
 NuGet.config                                  |   7 -
 build.cmd                                     |   2 -
 build.sh                                      |   8 -
 korebuild-lock.txt                            |   2 -
 korebuild.json                                |   4 -
 run.cmd                                       |   2 -
 run.ps1                                       | 209 --------------
 run.sh                                        | 256 ------------------
 .gitignore => src/Security/.gitignore         |   0
 .../Security/Directory.Build.props            |   0
 .../Security/Directory.Build.targets          |   0
 .../Security/NuGetPackageVerifier.json        |   0
 README.md => src/Security/README.md           |   0
 Security.sln => src/Security/Security.sln     |   0
 .../AuthorizationMiddlewareBenchmark.cs       |   0
 .../AuthorizationPolicyBenchmark.cs           |   0
 ...oft.AspNetCore.Security.Performance.csproj |   0
 .../Properties/AssemblyInfo.cs                |   0
 .../readme.md                                 |   0
 {build => src/Security/build}/Key.snk         | Bin
 .../Security/build}/dependencies.props        |   0
 {build => src/Security/build}/repo.props      |   0
 {build => src/Security/build}/sources.props   |   0
 .../CookiePolicySample.csproj                 |   0
 .../samples}/CookiePolicySample/Program.cs    |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/CookiePolicySample/Startup.cs    |   0
 .../samples}/CookieSample/CookieSample.csproj |   0
 .../Security/samples}/CookieSample/Program.cs |   0
 .../Properties/launchSettings.json            |   0
 .../Security/samples}/CookieSample/Startup.cs |   0
 .../CookieSessionSample.csproj                |   0
 .../MemoryCacheTicketStore.cs                 |   0
 .../samples}/CookieSessionSample/Program.cs   |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/CookieSessionSample/Startup.cs   |   0
 .../JwtBearerSample/JwtBearerSample.csproj    |   0
 .../samples}/JwtBearerSample/Program.cs       |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/JwtBearerSample/Startup.cs       |   0
 .../Security/samples}/JwtBearerSample/Todo.cs |   0
 .../wwwroot/App/Scripts/app.js                |   0
 .../wwwroot/App/Scripts/homeCtrl.js           |   0
 .../wwwroot/App/Scripts/indexCtrl.js          |   0
 .../wwwroot/App/Scripts/todoListCtrl.js       |   0
 .../wwwroot/App/Scripts/todoListSvc.js        |   0
 .../wwwroot/App/Scripts/userDataCtrl.js       |   0
 .../wwwroot/App/Views/Home.html               |   0
 .../wwwroot/App/Views/TodoList.html           |   0
 .../wwwroot/App/Views/UserData.html           |   0
 .../JwtBearerSample/wwwroot/index.html        |   0
 .../AuthPropertiesTokenCache.cs               |   0
 .../OpenIdConnect.AzureAdSample.csproj        |   0
 .../OpenIdConnect.AzureAdSample/Program.cs    |   0
 .../Properties/launchSettings.json            |   0
 .../OpenIdConnect.AzureAdSample/Readme.md     |   0
 .../OpenIdConnect.AzureAdSample/Startup.cs    |   0
 .../OpenIdConnectSample.csproj                |   0
 .../samples}/OpenIdConnectSample/Program.cs   |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/OpenIdConnectSample/Readme.md    |   0
 .../samples}/OpenIdConnectSample/Startup.cs   |   0
 .../compiler/resources/cert.pfx               | Bin
 .../Security/samples}/SocialSample/Program.cs |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/SocialSample/SocialSample.csproj |   0
 .../Security/samples}/SocialSample/Startup.cs |   0
 .../SocialSample/compiler/resources/cert.pfx  | Bin
 .../Security/samples}/SocialSample/web.config |   0
 .../Security/samples}/WsFedSample/Program.cs  |   0
 .../Properties/launchSettings.json            |   0
 .../Security/samples}/WsFedSample/Startup.cs  |   0
 .../samples}/WsFedSample/WsFedSample.csproj   |   0
 .../WsFedSample/compiler/resources/cert.pfx   | Bin
 .../ChunkingCookieManager.cs                  |   0
 src/{ => Security/src}/Directory.Build.props  |   0
 .../Constants.cs                              |   0
 .../CookieAppBuilderExtensions.cs             |   0
 .../CookieAuthenticationDefaults.cs           |   0
 .../CookieAuthenticationHandler.cs            |   0
 .../CookieAuthenticationOptions.cs            |   0
 .../CookieExtensions.cs                       |   0
 .../Events/CookieAuthenticationEvents.cs      |   0
 .../Events/CookieSignedInContext.cs           |   0
 .../Events/CookieSigningInContext.cs          |   0
 .../Events/CookieSigningOutContext.cs         |   0
 .../Events/CookieValidatePrincipalContext.cs  |   0
 .../ICookieManager.cs                         |   0
 .../ITicketStore.cs                           |   0
 .../LoggingExtensions.cs                      |   0
 ...t.AspNetCore.Authentication.Cookies.csproj |   0
 ...ostConfigureCookieAuthenticationOptions.cs |   0
 .../baseline.netcore.json                     |   0
 .../breakingchanges.netcore.json              |   0
 .../FacebookAppBuilderExtensions.cs           |   0
 .../FacebookDefaults.cs                       |   0
 .../FacebookExtensions.cs                     |   0
 .../FacebookHandler.cs                        |   0
 .../FacebookOptions.cs                        |   0
 ....AspNetCore.Authentication.Facebook.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../GoogleAppBuilderExtensions.cs             |   0
 .../GoogleChallengeProperties.cs              |   0
 .../GoogleDefaults.cs                         |   0
 .../GoogleExtensions.cs                       |   0
 .../GoogleHandler.cs                          |   0
 .../GoogleHelper.cs                           |   0
 .../GoogleOptions.cs                          |   0
 ...ft.AspNetCore.Authentication.Google.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../Events/AuthenticationFailedContext.cs     |   0
 .../Events/JwtBearerChallengeContext.cs       |   0
 .../Events/JwtBearerEvents.cs                 |   0
 .../Events/MessageReceivedContext.cs          |   0
 .../Events/TokenValidatedContext.cs           |   0
 .../JwtBearerAppBuilderExtensions.cs          |   0
 .../JwtBearerDefaults.cs                      |   0
 .../JwtBearerExtensions.cs                    |   0
 .../JwtBearerHandler.cs                       |   0
 .../JwtBearerOptions.cs                       |   0
 .../JwtBearerPostConfigureOptions.cs          |   0
 .../LoggingExtensions.cs                      |   0
 ...AspNetCore.Authentication.JwtBearer.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../breakingchanges.netcore.json              |   0
 ...ore.Authentication.MicrosoftAccount.csproj |   0
 .../MicrosoftAccountAppBuilderExtensions.cs   |   0
 .../MicrosoftAccountDefaults.cs               |   0
 .../MicrosoftAccountExtensions.cs             |   0
 .../MicrosoftAccountHandler.cs                |   0
 .../MicrosoftAccountOptions.cs                |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../Claims/ClaimAction.cs                     |   0
 .../Claims/ClaimActionCollection.cs           |   0
 .../ClaimActionCollectionMapExtensions.cs     |   0
 .../Claims/CustomJsonClaimAction.cs           |   0
 .../Claims/DeleteClaimAction.cs               |   0
 .../Claims/JsonKeyClaimAction.cs              |   0
 .../Claims/JsonSubKeyClaimAction.cs           |   0
 .../Claims/MapAllClaimsAction.cs              |   0
 .../Events/OAuthCreatingTicketContext.cs      |   0
 .../Events/OAuthEvents.cs                     |   0
 ...oft.AspNetCore.Authentication.OAuth.csproj |   0
 .../OAuthAppBuilderExtensions.cs              |   0
 .../OAuthChallengeProperties.cs               |   0
 .../OAuthDefaults.cs                          |   0
 .../OAuthExtensions.cs                        |   0
 .../OAuthHandler.cs                           |   0
 .../OAuthOptions.cs                           |   0
 .../OAuthPostConfigureOptions.cs              |   0
 .../OAuthTokenResponse.cs                     |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../ClaimActionCollectionUniqueExtensions.cs  |   0
 .../Claims/UniqueJsonKeyClaimAction.cs        |   0
 .../Events/AuthenticationFailedContext.cs     |   0
 .../AuthorizationCodeReceivedContext.cs       |   0
 .../Events/MessageReceivedContext.cs          |   0
 .../Events/OpenIdConnectEvents.cs             |   0
 .../Events/RedirectContext.cs                 |   0
 .../Events/RemoteSignoutContext.cs            |   0
 .../Events/TokenResponseReceivedContext.cs    |   0
 .../Events/TokenValidatedContext.cs           |   0
 .../Events/UserInformationReceivedContext.cs  |   0
 .../LoggingExtensions.cs                      |   0
 ...etCore.Authentication.OpenIdConnect.csproj |   0
 .../OpenIdConnectAppBuilderExtensions.cs      |   0
 .../OpenIdConnectChallengeProperties.cs       |   0
 .../OpenIdConnectDefaults.cs                  |   0
 .../OpenIdConnectExtensions.cs                |   0
 .../OpenIdConnectHandler.cs                   |   0
 .../OpenIdConnectOptions.cs                   |   0
 .../OpenIdConnectPostConfigureOptions.cs      |   0
 .../OpenIdConnectRedirectBehavior.cs          |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../Events/TwitterCreatingTicketContext.cs    |   0
 .../Events/TwitterEvents.cs                   |   0
 .../LoggingExtensions.cs                      |   0
 .../Messages/AccessToken.cs                   |   0
 .../Messages/RequestToken.cs                  |   0
 .../Messages/RequestTokenSerializer.cs        |   0
 ...t.AspNetCore.Authentication.Twitter.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../TwitterAppBuilderExtensions.cs            |   0
 .../TwitterDefaults.cs                        |   0
 .../TwitterExtensions.cs                      |   0
 .../TwitterHandler.cs                         |   0
 .../TwitterOptions.cs                         |   0
 .../TwitterPostConfigureOptions.cs            |   0
 .../baseline.netcore.json                     |   0
 .../Events/AuthenticationFailedContext.cs     |   0
 .../Events/MessageReceivedContext.cs          |   0
 .../Events/RedirectContext.cs                 |   0
 .../Events/RemoteSignoutContext.cs            |   0
 .../Events/SecurityTokenReceivedContext.cs    |   0
 .../Events/SecurityTokenValidatedContext.cs   |   0
 .../Events/WsFederationEvents.cs              |   0
 .../LoggingExtensions.cs                      |   0
 ...NetCore.Authentication.WsFederation.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../WsFederationDefaults.cs                   |   0
 .../WsFederationExtensions.cs                 |   0
 .../WsFederationHandler.cs                    |   0
 .../WsFederationOptions.cs                    |   0
 .../WsFederationPostConfigureOptions.cs       |   0
 .../baseline.netcore.json                     |   0
 .../AuthAppBuilderExtensions.cs               |   0
 .../AuthenticationBuilder.cs                  |   0
 .../AuthenticationHandler.cs                  |   0
 .../AuthenticationMiddleware.cs               |   0
 .../AuthenticationSchemeOptions.cs            |   0
 ...thenticationServiceCollectionExtensions.cs |   0
 .../Data/IDataSerializer.cs                   |   0
 .../Data/ISecureDataFormat.cs                 |   0
 .../Data/PropertiesDataFormat.cs              |   0
 .../Data/PropertiesSerializer.cs              |   0
 .../Data/SecureDataFormat.cs                  |   0
 .../Data/TextEncoder.cs                       |   0
 .../Data/TicketDataFormat.cs                  |   0
 .../Data/TicketSerializer.cs                  |   0
 .../Events/AccessDeniedContext.cs             |   0
 .../Events/BaseContext.cs                     |   0
 .../Events/HandleRequestContext.cs            |   0
 .../Events/PrincipalContext.cs                |   0
 .../Events/PropertiesContext.cs               |   0
 .../Events/RedirectContext.cs                 |   0
 .../Events/RemoteAuthenticationContext.cs     |   0
 .../Events/RemoteAuthenticationEvents.cs      |   0
 .../Events/RemoteFailureContext.cs            |   0
 .../Events/ResultContext.cs                   |   0
 .../Events/TicketReceivedContext.cs           |   0
 .../HandleRequestResult.cs                    |   0
 .../ISystemClock.cs                           |   0
 .../Internal/RequestPathBaseCookieBuilder.cs  |   0
 .../LoggingExtensions.cs                      |   0
 ...Microsoft.AspNetCore.Authentication.csproj |   0
 .../PolicySchemeHandler.cs                    |   0
 .../PolicySchemeOptions.cs                    |   0
 .../Properties/Resources.Designer.cs          |   0
 .../RemoteAuthenticationHandler.cs            |   0
 .../RemoteAuthenticationOptions.cs            |   0
 .../Resources.resx                            |   0
 .../SignInAuthenticationHandler.cs            |   0
 .../SignOutAuthenticationHandler.cs           |   0
 .../SystemClock.cs                            |   0
 .../baseline.netcore.json                     |   0
 .../breakingchanges.netcore.json              |   0
 .../AuthorizationAppBuilderExtensions.cs      |   0
 ...tionEndpointConventionBuilderExtensions.cs |   0
 .../AuthorizationMiddleware.cs                |   0
 .../IPolicyEvaluator.cs                       |   0
 ...oft.AspNetCore.Authorization.Policy.csproj |   0
 .../PolicyAuthorizationResult.cs              |   0
 .../PolicyEvaluator.cs                        |   0
 .../PolicyServiceCollectionExtensions.cs      |   0
 .../baseline.netcore.json                     |   0
 .../AllowAnonymousAttribute.cs                |   0
 .../AuthorizationFailure.cs                   |   0
 .../AuthorizationHandler.cs                   |   0
 .../AuthorizationHandlerContext.cs            |   0
 .../AuthorizationOptions.cs                   |   0
 .../AuthorizationPolicy.cs                    |   0
 .../AuthorizationPolicyBuilder.cs             |   0
 .../AuthorizationResult.cs                    |   0
 ...uthorizationServiceCollectionExtensions.cs |   0
 .../AuthorizationServiceExtensions.cs         |   0
 .../AuthorizeAttribute.cs                     |   0
 .../DefaultAuthorizationEvaluator.cs          |   0
 ...faultAuthorizationHandlerContextFactory.cs |   0
 .../DefaultAuthorizationHandlerProvider.cs    |   0
 .../DefaultAuthorizationPolicyProvider.cs     |   0
 .../DefaultAuthorizationService.cs            |   0
 .../IAllowAnonymous.cs                        |   0
 .../IAuthorizationEvaluator.cs                |   0
 .../IAuthorizationHandler.cs                  |   0
 .../IAuthorizationHandlerContextFactory.cs    |   0
 .../IAuthorizationHandlerProvider.cs          |   0
 .../IAuthorizationPolicyProvider.cs           |   0
 .../IAuthorizationRequirement.cs              |   0
 .../IAuthorizationService.cs                  |   0
 .../IAuthorizeData.cs                         |   0
 .../Infrastructure/AssertionRequirement.cs    |   0
 .../ClaimsAuthorizationRequirement.cs         |   0
 .../DenyAnonymousAuthorizationRequirement.cs  |   0
 .../NameAuthorizationRequirement.cs           |   0
 .../OperationAuthorizationRequirement.cs      |   0
 .../PassThroughAuthorizationHandler.cs        |   0
 .../RolesAuthorizationRequirement.cs          |   0
 .../LoggingExtensions.cs                      |   0
 .../Microsoft.AspNetCore.Authorization.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../AppendCookieContext.cs                    |   0
 .../CookiePolicyAppBuilderExtensions.cs       |   0
 .../CookiePolicyMiddleware.cs                 |   0
 .../CookiePolicyOptions.cs                    |   0
 .../DeleteCookieContext.cs                    |   0
 .../HttpOnlyPolicy.cs                         |   0
 .../LoggingExtensions.cs                      |   0
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |   0
 .../ResponseCookiesWrapper.cs                 |   0
 .../baseline.netcore.json                     |   0
 .../AspNetTicketDataFormat.cs                 |   0
 .../AspNetTicketSerializer.cs                 |   0
 .../ChunkingCookieManager.cs                  |   0
 .../Constants.cs                              |   0
 .../DataProtectorShim.cs                      |   0
 .../Microsoft.Owin.Security.Interop.csproj    |   0
 .../Properties/AssemblyInfo.cs                |   0
 .../baseline.netframework.json                |   0
 .../Security/test}/Directory.Build.props      |   0
 .../AuthenticationMiddlewareTests.cs          |   0
 .../Base64UrlTextEncoderTests.cs              |   0
 .../ClaimActionTests.cs                       |   0
 .../CookieTests.cs                            |   0
 .../DynamicSchemeTests.cs                     |   0
 .../FacebookTests.cs                          |   0
 .../GoogleTests.cs                            |   0
 .../JwtBearerTests.cs                         |   0
 ...soft.AspNetCore.Authentication.Test.csproj |   0
 .../MicrosoftAccountTests.cs                  |   0
 .../OAuthChallengePropertiesTest.cs           |   0
 .../OAuthTests.cs                             |   0
 .../OpenIdConnect/MockOpenIdConnectMessage.cs |   0
 .../OpenIdConnectChallengeTests.cs            |   0
 .../OpenIdConnectConfigurationTests.cs        |   0
 .../OpenIdConnect/OpenIdConnectEventTests.cs  |   0
 .../OpenIdConnect/OpenIdConnectTests.cs       |   0
 .../OpenIdConnect/TestServerBuilder.cs        |   0
 .../OpenIdConnect/TestServerExtensions.cs     |   0
 .../OpenIdConnect/TestSettings.cs             |   0
 .../OpenIdConnect/TestTransaction.cs          |   0
 .../OpenIdConnect/wellknownconfig.json        |   0
 .../OpenIdConnect/wellknownkeys.json          |   0
 .../PolicyTests.cs                            |   0
 .../RemoteAuthenticationTests.cs              |   0
 .../SecureDataFormatTests.cs                  |   0
 .../SharedAuthenticationTests.cs              |   0
 .../TestClock.cs                              |   0
 .../TestExtensions.cs                         |   0
 .../TestHandlers.cs                           |   0
 .../TestHttpMessageHandler.cs                 |   0
 .../TicketSerializerTests.cs                  |   0
 .../TokenExtensionTests.cs                    |   0
 .../Transaction.cs                            |   0
 .../TwitterTests.cs                           |   0
 .../WsFederation/CustomStateDataFormat.cs     |   0
 .../WsFederation/InvalidToken.xml             |   0
 .../WsFederation/TestSecurityToken.cs         |   0
 .../TestSecurityTokenValidator.cs             |   0
 .../WsFederation/ValidToken.xml               |   0
 .../WsFederation/WsFederationTest.cs          |   0
 .../WsFederation/federationmetadata.xml       |   0
 .../katanatest.redmond.corp.microsoft.com.cer | Bin
 .../selfSigned.cer                            | Bin
 .../AuthorizationAppBuilderExtensionsTests.cs |   0
 ...ndpointConventionBuilderExtensionsTests.cs |   0
 .../AuthorizationMiddlewareTests.cs           |   0
 .../AuthorizationPolicyFacts.cs               |   0
 .../DefaultAuthorizationServiceTests.cs       |   0
 ...osoft.AspNetCore.Authorization.Test.csproj |   0
 .../PolicyEvaluatorTests.cs                   |   0
 .../TestObjects/TestAuthenticationService.cs  |   0
 .../CookieChunkingTests.cs                    |   0
 ....ChunkingCookieManager.Sources.Test.csproj |   0
 .../CookieConsentTests.cs                     |   0
 .../CookiePolicyTests.cs                      |   0
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |   0
 .../TestExtensions.cs                         |   0
 .../Transaction.cs                            |   0
 .../CookieInteropTests.cs                     |   0
 ...icrosoft.Owin.Security.Interop.Test.csproj |   0
 .../TicketInteropTests.cs                     |   0
 version.props => src/Security/version.props   |   0
 395 files changed, 818 deletions(-)
 delete mode 100644 .appveyor.yml
 delete mode 100644 .gitattributes
 delete mode 100644 .travis.yml
 delete mode 100644 .vsts-pipelines/builds/ci-internal.yml
 delete mode 100644 .vsts-pipelines/builds/ci-public.yml
 delete mode 100644 CONTRIBUTING.md
 delete mode 100644 LICENSE.txt
 delete mode 100644 NuGet.config
 delete mode 100644 build.cmd
 delete mode 100755 build.sh
 delete mode 100644 korebuild-lock.txt
 delete mode 100644 korebuild.json
 delete mode 100644 run.cmd
 delete mode 100644 run.ps1
 delete mode 100755 run.sh
 rename .gitignore => src/Security/.gitignore (100%)
 rename Directory.Build.props => src/Security/Directory.Build.props (100%)
 rename Directory.Build.targets => src/Security/Directory.Build.targets (100%)
 rename NuGetPackageVerifier.json => src/Security/NuGetPackageVerifier.json (100%)
 rename README.md => src/Security/README.md (100%)
 rename Security.sln => src/Security/Security.sln (100%)
 rename {benchmarks => src/Security/benchmarks}/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs (100%)
 rename {benchmarks => src/Security/benchmarks}/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs (100%)
 rename {benchmarks => src/Security/benchmarks}/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj (100%)
 rename {benchmarks => src/Security/benchmarks}/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs (100%)
 rename {benchmarks => src/Security/benchmarks}/Microsoft.AspNetCore.Security.Performance/readme.md (100%)
 rename {build => src/Security/build}/Key.snk (100%)
 rename {build => src/Security/build}/dependencies.props (100%)
 rename {build => src/Security/build}/repo.props (100%)
 rename {build => src/Security/build}/sources.props (100%)
 rename {samples => src/Security/samples}/CookiePolicySample/CookiePolicySample.csproj (100%)
 rename {samples => src/Security/samples}/CookiePolicySample/Program.cs (100%)
 rename {samples => src/Security/samples}/CookiePolicySample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/CookiePolicySample/Startup.cs (100%)
 rename {samples => src/Security/samples}/CookieSample/CookieSample.csproj (100%)
 rename {samples => src/Security/samples}/CookieSample/Program.cs (100%)
 rename {samples => src/Security/samples}/CookieSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/CookieSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/CookieSessionSample.csproj (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/MemoryCacheTicketStore.cs (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/Program.cs (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/JwtBearerSample.csproj (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/Program.cs (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/Todo.cs (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/app.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Views/Home.html (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Views/TodoList.html (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Views/UserData.html (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/index.html (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/Program.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/Readme.md (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/OpenIdConnectSample.csproj (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/Program.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/Readme.md (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/compiler/resources/cert.pfx (100%)
 rename {samples => src/Security/samples}/SocialSample/Program.cs (100%)
 rename {samples => src/Security/samples}/SocialSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/SocialSample/SocialSample.csproj (100%)
 rename {samples => src/Security/samples}/SocialSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/SocialSample/compiler/resources/cert.pfx (100%)
 rename {samples => src/Security/samples}/SocialSample/web.config (100%)
 rename {samples => src/Security/samples}/WsFedSample/Program.cs (100%)
 rename {samples => src/Security/samples}/WsFedSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/WsFedSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/WsFedSample/WsFedSample.csproj (100%)
 rename {samples => src/Security/samples}/WsFedSample/compiler/resources/cert.pfx (100%)
 rename {shared => src/Security/shared}/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs (100%)
 rename src/{ => Security/src}/Directory.Build.props (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/ISystemClock.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/SystemClock.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/Constants.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/DataProtectorShim.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/baseline.netframework.json (100%)
 rename {test => src/Security/test}/Directory.Build.props (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TestClock.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/Transaction.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs (100%)
 rename {test => src/Security/test}/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs (100%)
 rename version.props => src/Security/version.props (100%)

diff --git a/.appveyor.yml b/.appveyor.yml
deleted file mode 100644
index d45bd5a1f8..0000000000
--- a/.appveyor.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-init:
-- git config --global core.autocrlf true
-branches:
-  only:
-  - master
-  - /^release\/.*$/
-  - /^(.*\/)?ci-.*$/
-build_script:
-- ps: .\run.ps1 default-build
-clone_depth: 1
-environment:
-  global:
-    DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
-    DOTNET_CLI_TELEMETRY_OPTOUT: 1
-test: 'off'
-deploy: 'off'
-os: Visual Studio 2017
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 97b827b758..0000000000
--- a/.gitattributes
+++ /dev/null
@@ -1,51 +0,0 @@
-*.doc  diff=astextplain
-*.DOC	diff=astextplain
-*.docx	diff=astextplain
-*.DOCX	diff=astextplain
-*.dot	diff=astextplain
-*.DOT	diff=astextplain
-*.pdf	diff=astextplain
-*.PDF	diff=astextplain
-*.rtf	diff=astextplain
-*.RTF	diff=astextplain
-
-*.jpg  	binary
-*.png 	binary
-*.gif 	binary
-
-*.cs text=auto diff=csharp 
-*.vb text=auto
-*.resx text=auto
-*.c text=auto
-*.cpp text=auto
-*.cxx text=auto
-*.h text=auto
-*.hxx text=auto
-*.py text=auto
-*.rb text=auto
-*.java text=auto
-*.html text=auto
-*.htm text=auto
-*.css text=auto
-*.scss text=auto
-*.sass text=auto
-*.less text=auto
-*.js text=auto
-*.lisp text=auto
-*.clj text=auto
-*.sql text=auto
-*.php text=auto
-*.lua text=auto
-*.m text=auto
-*.asm text=auto
-*.erl text=auto
-*.fs text=auto
-*.fsx text=auto
-*.hs text=auto
-
-*.csproj text=auto
-*.vbproj text=auto
-*.fsproj text=auto
-*.dbproj text=auto
-*.sln text=auto eol=crlf
-*.sh eol=lf
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index ab3980055c..0000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-language: csharp
-sudo: false
-dist: trusty
-env:
-  global:
-  - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
-  - DOTNET_CLI_TELEMETRY_OPTOUT: 1
-mono: none
-os:
-- linux
-- osx
-osx_image: xcode8.2
-addons:
-  apt:
-    packages:
-    - libunwind8
-branches:
-  only:
-  - master
-  - /^release\/.*$/
-  - /^(.*\/)?ci-.*$/
-before_install:
-- if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s
-  /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
-  /usr/local/lib/; fi
-script:
-- ./build.sh
diff --git a/.vsts-pipelines/builds/ci-internal.yml b/.vsts-pipelines/builds/ci-internal.yml
deleted file mode 100644
index c2c5336fd0..0000000000
--- a/.vsts-pipelines/builds/ci-internal.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-trigger:
-- master
-- release/*
-
-resources:
-  repositories:
-  - repository: buildtools
-    type: git
-    name: aspnet-BuildTools
-    ref: refs/heads/master
-
-phases:
-- template: .vsts-pipelines/templates/project-ci.yml@buildtools
diff --git a/.vsts-pipelines/builds/ci-public.yml b/.vsts-pipelines/builds/ci-public.yml
deleted file mode 100644
index 507c89b025..0000000000
--- a/.vsts-pipelines/builds/ci-public.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-trigger:
-- master
-- release/*
-
-# See https://github.com/aspnet/BuildTools
-resources:
-  repositories:
-  - repository: buildtools
-    type: github
-    endpoint: DotNet-Bot GitHub Connection
-    name: aspnet/BuildTools
-    ref: refs/heads/master
-
-phases:
-- template: .vsts-pipelines/templates/project-ci.yml@buildtools
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
deleted file mode 100644
index eac4268e4c..0000000000
--- a/CONTRIBUTING.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Contributing
-======
-
-Information on contributing to this repo is in the [Contributing Guide](https://github.com/aspnet/Home/blob/master/CONTRIBUTING.md) in the Home repo.
diff --git a/LICENSE.txt b/LICENSE.txt
deleted file mode 100644
index b3b180cd51..0000000000
--- a/LICENSE.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright (c) .NET Foundation and Contributors
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/NuGet.config b/NuGet.config
deleted file mode 100644
index e32bddfd51..0000000000
--- a/NuGet.config
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <packageSources>
-    <clear />
-    <!-- Restore sources should be defined in build/sources.props. -->
-  </packageSources>
-</configuration>
diff --git a/build.cmd b/build.cmd
deleted file mode 100644
index c0050bda12..0000000000
--- a/build.cmd
+++ /dev/null
@@ -1,2 +0,0 @@
-@ECHO OFF
-PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0run.ps1' default-build %*; exit $LASTEXITCODE"
diff --git a/build.sh b/build.sh
deleted file mode 100755
index 98a4b22765..0000000000
--- a/build.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-# Call "sync" between "chmod" and execution to prevent "text file busy" error in Docker (aufs)
-chmod +x "$DIR/run.sh"; sync
-"$DIR/run.sh" default-build "$@"
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
deleted file mode 100644
index 73613543d0..0000000000
--- a/korebuild-lock.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-version:3.0.0-build-20181114.5
-commithash:880e9a204d4ee4a18dfd83c9fb05a192a28bca60
diff --git a/korebuild.json b/korebuild.json
deleted file mode 100644
index 8a276a7f35..0000000000
--- a/korebuild.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/master/tools/korebuild.schema.json",
-  "channel": "master"
-}
diff --git a/run.cmd b/run.cmd
deleted file mode 100644
index d52d5c7e68..0000000000
--- a/run.cmd
+++ /dev/null
@@ -1,2 +0,0 @@
-@ECHO OFF
-PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0run.ps1' %*; exit $LASTEXITCODE"
diff --git a/run.ps1 b/run.ps1
deleted file mode 100644
index 34604c7175..0000000000
--- a/run.ps1
+++ /dev/null
@@ -1,209 +0,0 @@
-#!/usr/bin/env powershell
-#requires -version 4
-
-<#
-.SYNOPSIS
-Executes KoreBuild commands.
-
-.DESCRIPTION
-Downloads korebuild if required. Then executes the KoreBuild command. To see available commands, execute with `-Command help`.
-
-.PARAMETER Command
-The KoreBuild command to run.
-
-.PARAMETER Path
-The folder to build. Defaults to the folder containing this script.
-
-.PARAMETER Channel
-The channel of KoreBuild to download. Overrides the value from the config file.
-
-.PARAMETER DotNetHome
-The directory where .NET Core tools will be stored.
-
-.PARAMETER ToolsSource
-The base url where build tools can be downloaded. Overrides the value from the config file.
-
-.PARAMETER Update
-Updates KoreBuild to the latest version even if a lock file is present.
-
-.PARAMETER Reinstall
-Re-installs KoreBuild
-
-.PARAMETER ConfigFile
-The path to the configuration file that stores values. Defaults to korebuild.json.
-
-.PARAMETER ToolsSourceSuffix
-The Suffix to append to the end of the ToolsSource. Useful for query strings in blob stores.
-
-.PARAMETER CI
-Sets up CI specific settings and variables.
-
-.PARAMETER Arguments
-Arguments to be passed to the command
-
-.NOTES
-This function will create a file $PSScriptRoot/korebuild-lock.txt. This lock file can be committed to source, but does not have to be.
-When the lockfile is not present, KoreBuild will create one using latest available version from $Channel.
-
-The $ConfigFile is expected to be an JSON file. It is optional, and the configuration values in it are optional as well. Any options set
-in the file are overridden by command line parameters.
-
-.EXAMPLE
-Example config file:
-```json
-{
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/master/tools/korebuild.schema.json",
-  "channel": "master",
-  "toolsSource": "https://aspnetcore.blob.core.windows.net/buildtools"
-}
-```
-#>
-[CmdletBinding(PositionalBinding = $false)]
-param(
-    [Parameter(Mandatory = $true, Position = 0)]
-    [string]$Command,
-    [string]$Path = $PSScriptRoot,
-    [Alias('c')]
-    [string]$Channel,
-    [Alias('d')]
-    [string]$DotNetHome,
-    [Alias('s')]
-    [string]$ToolsSource,
-    [Alias('u')]
-    [switch]$Update,
-    [switch]$Reinstall,
-    [string]$ToolsSourceSuffix,
-    [string]$ConfigFile = $null,
-    [switch]$CI,
-    [Parameter(ValueFromRemainingArguments = $true)]
-    [string[]]$Arguments
-)
-
-Set-StrictMode -Version 2
-$ErrorActionPreference = 'Stop'
-
-#
-# Functions
-#
-
-function Get-KoreBuild {
-
-    $lockFile = Join-Path $Path 'korebuild-lock.txt'
-
-    if (!(Test-Path $lockFile) -or $Update) {
-        Get-RemoteFile "$ToolsSource/korebuild/channels/$Channel/latest.txt" $lockFile $ToolsSourceSuffix
-    }
-
-    $version = Get-Content $lockFile | Where-Object { $_ -like 'version:*' } | Select-Object -first 1
-    if (!$version) {
-        Write-Error "Failed to parse version from $lockFile. Expected a line that begins with 'version:'"
-    }
-    $version = $version.TrimStart('version:').Trim()
-    $korebuildPath = Join-Paths $DotNetHome ('buildtools', 'korebuild', $version)
-
-    if ($Reinstall -and (Test-Path $korebuildPath)) {
-        Remove-Item -Force -Recurse $korebuildPath
-    }
-
-    if (!(Test-Path $korebuildPath)) {
-        Write-Host -ForegroundColor Magenta "Downloading KoreBuild $version"
-        New-Item -ItemType Directory -Path $korebuildPath | Out-Null
-        $remotePath = "$ToolsSource/korebuild/artifacts/$version/korebuild.$version.zip"
-
-        try {
-            $tmpfile = Join-Path ([IO.Path]::GetTempPath()) "KoreBuild-$([guid]::NewGuid()).zip"
-            Get-RemoteFile $remotePath $tmpfile $ToolsSourceSuffix
-            if (Get-Command -Name 'Microsoft.PowerShell.Archive\Expand-Archive' -ErrorAction Ignore) {
-                # Use built-in commands where possible as they are cross-plat compatible
-                Microsoft.PowerShell.Archive\Expand-Archive -Path $tmpfile -DestinationPath $korebuildPath
-            }
-            else {
-                # Fallback to old approach for old installations of PowerShell
-                Add-Type -AssemblyName System.IO.Compression.FileSystem
-                [System.IO.Compression.ZipFile]::ExtractToDirectory($tmpfile, $korebuildPath)
-            }
-        }
-        catch {
-            Remove-Item -Recurse -Force $korebuildPath -ErrorAction Ignore
-            throw
-        }
-        finally {
-            Remove-Item $tmpfile -ErrorAction Ignore
-        }
-    }
-
-    return $korebuildPath
-}
-
-function Join-Paths([string]$path, [string[]]$childPaths) {
-    $childPaths | ForEach-Object { $path = Join-Path $path $_ }
-    return $path
-}
-
-function Get-RemoteFile([string]$RemotePath, [string]$LocalPath, [string]$RemoteSuffix) {
-    if ($RemotePath -notlike 'http*') {
-        Copy-Item $RemotePath $LocalPath
-        return
-    }
-
-    $retries = 10
-    while ($retries -gt 0) {
-        $retries -= 1
-        try {
-            Invoke-WebRequest -UseBasicParsing -Uri $($RemotePath + $RemoteSuffix) -OutFile $LocalPath
-            return
-        }
-        catch {
-            Write-Verbose "Request failed. $retries retries remaining"
-        }
-    }
-
-    Write-Error "Download failed: '$RemotePath'."
-}
-
-#
-# Main
-#
-
-# Load configuration or set defaults
-
-$Path = Resolve-Path $Path
-if (!$ConfigFile) { $ConfigFile = Join-Path $Path 'korebuild.json' }
-
-if (Test-Path $ConfigFile) {
-    try {
-        $config = Get-Content -Raw -Encoding UTF8 -Path $ConfigFile | ConvertFrom-Json
-        if ($config) {
-            if (!($Channel) -and (Get-Member -Name 'channel' -InputObject $config)) { [string] $Channel = $config.channel }
-            if (!($ToolsSource) -and (Get-Member -Name 'toolsSource' -InputObject $config)) { [string] $ToolsSource = $config.toolsSource}
-        }
-    }
-    catch {
-        Write-Host -ForegroundColor Red $Error[0]
-        Write-Error "$ConfigFile contains invalid JSON."
-        exit 1
-    }
-}
-
-if (!$DotNetHome) {
-    $DotNetHome = if ($env:DOTNET_HOME) { $env:DOTNET_HOME } `
-        elseif ($env:USERPROFILE) { Join-Path $env:USERPROFILE '.dotnet'} `
-        elseif ($env:HOME) {Join-Path $env:HOME '.dotnet'}`
-        else { Join-Path $PSScriptRoot '.dotnet'}
-}
-
-if (!$Channel) { $Channel = 'master' }
-if (!$ToolsSource) { $ToolsSource = 'https://aspnetcore.blob.core.windows.net/buildtools' }
-
-# Execute
-
-$korebuildPath = Get-KoreBuild
-Import-Module -Force -Scope Local (Join-Path $korebuildPath 'KoreBuild.psd1')
-
-try {
-    Set-KoreBuildSettings -ToolsSource $ToolsSource -DotNetHome $DotNetHome -RepoPath $Path -ConfigFile $ConfigFile -CI:$CI
-    Invoke-KoreBuildCommand $Command @Arguments
-}
-finally {
-    Remove-Module 'KoreBuild' -ErrorAction Ignore
-}
diff --git a/run.sh b/run.sh
deleted file mode 100755
index 4c1fed5646..0000000000
--- a/run.sh
+++ /dev/null
@@ -1,256 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-#
-# variables
-#
-
-RESET="\033[0m"
-RED="\033[0;31m"
-YELLOW="\033[0;33m"
-MAGENTA="\033[0;95m"
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-[ -z "${DOTNET_HOME:-}" ] && DOTNET_HOME="$HOME/.dotnet"
-verbose=false
-update=false
-reinstall=false
-repo_path="$DIR"
-channel=''
-tools_source=''
-tools_source_suffix=''
-ci=false
-
-#
-# Functions
-#
-__usage() {
-    echo "Usage: $(basename "${BASH_SOURCE[0]}") command [options] [[--] <Arguments>...]"
-    echo ""
-    echo "Arguments:"
-    echo "    command                The command to be run."
-    echo "    <Arguments>...         Arguments passed to the command. Variable number of arguments allowed."
-    echo ""
-    echo "Options:"
-    echo "    --verbose                                             Show verbose output."
-    echo "    -c|--channel <CHANNEL>                                The channel of KoreBuild to download. Overrides the value from the config file.."
-    echo "    --config-file <FILE>                                  The path to the configuration file that stores values. Defaults to korebuild.json."
-    echo "    -d|--dotnet-home <DIR>                                The directory where .NET Core tools will be stored. Defaults to '\$DOTNET_HOME' or '\$HOME/.dotnet."
-    echo "    --path <PATH>                                         The directory to build. Defaults to the directory containing the script."
-    echo "    -s|--tools-source|-ToolsSource <URL>                  The base url where build tools can be downloaded. Overrides the value from the config file."
-    echo "    --tools-source-suffix|-ToolsSourceSuffix <SUFFIX>     The suffix to append to tools-source. Useful for query strings."
-    echo "    -u|--update                                           Update to the latest KoreBuild even if the lock file is present."
-    echo "    --reinstall                                           Reinstall KoreBuild."
-    echo "    --ci                                                  Apply CI specific settings and environment variables."
-    echo ""
-    echo "Description:"
-    echo "    This function will create a file \$DIR/korebuild-lock.txt. This lock file can be committed to source, but does not have to be."
-    echo "    When the lockfile is not present, KoreBuild will create one using latest available version from \$channel."
-
-    if [[ "${1:-}" != '--no-exit' ]]; then
-        exit 2
-    fi
-}
-
-get_korebuild() {
-    local version
-    local lock_file="$repo_path/korebuild-lock.txt"
-    if [ ! -f "$lock_file" ] || [ "$update" = true ]; then
-        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" "$lock_file" "$tools_source_suffix"
-    fi
-    version="$(grep 'version:*' -m 1 "$lock_file")"
-    if [[ "$version" == '' ]]; then
-        __error "Failed to parse version from $lock_file. Expected a line that begins with 'version:'"
-        return 1
-    fi
-    version="$(echo "${version#version:}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
-    local korebuild_path="$DOTNET_HOME/buildtools/korebuild/$version"
-
-    if [ "$reinstall" = true ] && [ -d "$korebuild_path" ]; then
-        rm -rf "$korebuild_path"
-    fi
-
-    {
-        if [ ! -d "$korebuild_path" ]; then
-            mkdir -p "$korebuild_path"
-            local remote_path="$tools_source/korebuild/artifacts/$version/korebuild.$version.zip"
-            tmpfile="$(mktemp)"
-            echo -e "${MAGENTA}Downloading KoreBuild ${version}${RESET}"
-            if __get_remote_file "$remote_path" "$tmpfile" "$tools_source_suffix"; then
-                unzip -q -d "$korebuild_path" "$tmpfile"
-            fi
-            rm "$tmpfile" || true
-        fi
-
-        source "$korebuild_path/KoreBuild.sh"
-    } || {
-        if [ -d "$korebuild_path" ]; then
-            echo "Cleaning up after failed installation"
-            rm -rf "$korebuild_path" || true
-        fi
-        return 1
-    }
-}
-
-__error() {
-    echo -e "${RED}error: $*${RESET}" 1>&2
-}
-
-__warn() {
-    echo -e "${YELLOW}warning: $*${RESET}"
-}
-
-__machine_has() {
-    hash "$1" > /dev/null 2>&1
-    return $?
-}
-
-__get_remote_file() {
-    local remote_path=$1
-    local local_path=$2
-    local remote_path_suffix=$3
-
-    if [[ "$remote_path" != 'http'* ]]; then
-        cp "$remote_path" "$local_path"
-        return 0
-    fi
-
-    local failed=false
-    if __machine_has wget; then
-        wget --tries 10 --quiet -O "$local_path" "${remote_path}${remote_path_suffix}" || failed=true
-    else
-        failed=true
-    fi
-
-    if [ "$failed" = true ] && __machine_has curl; then
-        failed=false
-        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "${remote_path}${remote_path_suffix}" || failed=true
-    fi
-
-    if [ "$failed" = true ]; then
-        __error "Download failed: $remote_path" 1>&2
-        return 1
-    fi
-}
-
-#
-# main
-#
-
-command="${1:-}"
-shift
-
-while [[ $# -gt 0 ]]; do
-    case $1 in
-        -\?|-h|--help)
-            __usage --no-exit
-            exit 0
-            ;;
-        -c|--channel|-Channel)
-            shift
-            channel="${1:-}"
-            [ -z "$channel" ] && __usage
-            ;;
-        --config-file|-ConfigFile)
-            shift
-            config_file="${1:-}"
-            [ -z "$config_file" ] && __usage
-            if [ ! -f "$config_file" ]; then
-                __error "Invalid value for --config-file. $config_file does not exist."
-                exit 1
-            fi
-            ;;
-        -d|--dotnet-home|-DotNetHome)
-            shift
-            DOTNET_HOME="${1:-}"
-            [ -z "$DOTNET_HOME" ] && __usage
-            ;;
-        --path|-Path)
-            shift
-            repo_path="${1:-}"
-            [ -z "$repo_path" ] && __usage
-            ;;
-        -s|--tools-source|-ToolsSource)
-            shift
-            tools_source="${1:-}"
-            [ -z "$tools_source" ] && __usage
-            ;;
-        --tools-source-suffix|-ToolsSourceSuffix)
-            shift
-            tools_source_suffix="${1:-}"
-            [ -z "$tools_source_suffix" ] && __usage
-            ;;
-        -u|--update|-Update)
-            update=true
-            ;;
-        --reinstall|-[Rr]einstall)
-            reinstall=true
-            ;;
-        --ci|-[Cc][Ii])
-            ci=true
-            ;;
-        --verbose|-Verbose)
-            verbose=true
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *)
-            break
-            ;;
-    esac
-    shift
-done
-
-if ! __machine_has unzip; then
-    __error 'Missing required command: unzip'
-    exit 1
-fi
-
-if ! __machine_has curl && ! __machine_has wget; then
-    __error 'Missing required command. Either wget or curl is required.'
-    exit 1
-fi
-
-[ -z "${config_file:-}" ] && config_file="$repo_path/korebuild.json"
-if [ -f "$config_file" ]; then
-    if __machine_has jq ; then
-        if jq '.' "$config_file" >/dev/null ; then
-            config_channel="$(jq -r 'select(.channel!=null) | .channel' "$config_file")"
-            config_tools_source="$(jq -r 'select(.toolsSource!=null) | .toolsSource' "$config_file")"
-        else
-            __error "$config_file contains invalid JSON."
-            exit 1
-        fi
-    elif __machine_has python ; then
-        if python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'))" >/dev/null ; then
-            config_channel="$(python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['channel'] if 'channel' in obj else '')")"
-            config_tools_source="$(python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['toolsSource'] if 'toolsSource' in obj else '')")"
-        else
-            __error "$config_file contains invalid JSON."
-            exit 1
-        fi
-    elif __machine_has python3 ; then
-        if python3 -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'))" >/dev/null ; then
-            config_channel="$(python3 -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['channel'] if 'channel' in obj else '')")"
-            config_tools_source="$(python3 -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['toolsSource'] if 'toolsSource' in obj else '')")"
-        else
-            __error "$config_file contains invalid JSON."
-            exit 1
-        fi
-    else
-        __error 'Missing required command: jq or python. Could not parse the JSON file.'
-        exit 1
-    fi
-
-    [ ! -z "${config_channel:-}" ] && channel="$config_channel"
-    [ ! -z "${config_tools_source:-}" ] && tools_source="$config_tools_source"
-fi
-
-[ -z "$channel" ] && channel='master'
-[ -z "$tools_source" ] && tools_source='https://aspnetcore.blob.core.windows.net/buildtools'
-
-get_korebuild
-set_korebuildsettings "$tools_source" "$DOTNET_HOME" "$repo_path" "$config_file" "$ci"
-invoke_korebuild_command "$command" "$@"
diff --git a/.gitignore b/src/Security/.gitignore
similarity index 100%
rename from .gitignore
rename to src/Security/.gitignore
diff --git a/Directory.Build.props b/src/Security/Directory.Build.props
similarity index 100%
rename from Directory.Build.props
rename to src/Security/Directory.Build.props
diff --git a/Directory.Build.targets b/src/Security/Directory.Build.targets
similarity index 100%
rename from Directory.Build.targets
rename to src/Security/Directory.Build.targets
diff --git a/NuGetPackageVerifier.json b/src/Security/NuGetPackageVerifier.json
similarity index 100%
rename from NuGetPackageVerifier.json
rename to src/Security/NuGetPackageVerifier.json
diff --git a/README.md b/src/Security/README.md
similarity index 100%
rename from README.md
rename to src/Security/README.md
diff --git a/Security.sln b/src/Security/Security.sln
similarity index 100%
rename from Security.sln
rename to src/Security/Security.sln
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs b/src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs
similarity index 100%
rename from benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs
rename to src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationMiddlewareBenchmark.cs
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs b/src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs
similarity index 100%
rename from benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs
rename to src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/AuthorizationPolicyBenchmark.cs
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj b/src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
similarity index 100%
rename from benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
rename to src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/Microsoft.AspNetCore.Security.Performance.csproj
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs b/src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs
similarity index 100%
rename from benchmarks/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs
rename to src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/Properties/AssemblyInfo.cs
diff --git a/benchmarks/Microsoft.AspNetCore.Security.Performance/readme.md b/src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/readme.md
similarity index 100%
rename from benchmarks/Microsoft.AspNetCore.Security.Performance/readme.md
rename to src/Security/benchmarks/Microsoft.AspNetCore.Security.Performance/readme.md
diff --git a/build/Key.snk b/src/Security/build/Key.snk
similarity index 100%
rename from build/Key.snk
rename to src/Security/build/Key.snk
diff --git a/build/dependencies.props b/src/Security/build/dependencies.props
similarity index 100%
rename from build/dependencies.props
rename to src/Security/build/dependencies.props
diff --git a/build/repo.props b/src/Security/build/repo.props
similarity index 100%
rename from build/repo.props
rename to src/Security/build/repo.props
diff --git a/build/sources.props b/src/Security/build/sources.props
similarity index 100%
rename from build/sources.props
rename to src/Security/build/sources.props
diff --git a/samples/CookiePolicySample/CookiePolicySample.csproj b/src/Security/samples/CookiePolicySample/CookiePolicySample.csproj
similarity index 100%
rename from samples/CookiePolicySample/CookiePolicySample.csproj
rename to src/Security/samples/CookiePolicySample/CookiePolicySample.csproj
diff --git a/samples/CookiePolicySample/Program.cs b/src/Security/samples/CookiePolicySample/Program.cs
similarity index 100%
rename from samples/CookiePolicySample/Program.cs
rename to src/Security/samples/CookiePolicySample/Program.cs
diff --git a/samples/CookiePolicySample/Properties/launchSettings.json b/src/Security/samples/CookiePolicySample/Properties/launchSettings.json
similarity index 100%
rename from samples/CookiePolicySample/Properties/launchSettings.json
rename to src/Security/samples/CookiePolicySample/Properties/launchSettings.json
diff --git a/samples/CookiePolicySample/Startup.cs b/src/Security/samples/CookiePolicySample/Startup.cs
similarity index 100%
rename from samples/CookiePolicySample/Startup.cs
rename to src/Security/samples/CookiePolicySample/Startup.cs
diff --git a/samples/CookieSample/CookieSample.csproj b/src/Security/samples/CookieSample/CookieSample.csproj
similarity index 100%
rename from samples/CookieSample/CookieSample.csproj
rename to src/Security/samples/CookieSample/CookieSample.csproj
diff --git a/samples/CookieSample/Program.cs b/src/Security/samples/CookieSample/Program.cs
similarity index 100%
rename from samples/CookieSample/Program.cs
rename to src/Security/samples/CookieSample/Program.cs
diff --git a/samples/CookieSample/Properties/launchSettings.json b/src/Security/samples/CookieSample/Properties/launchSettings.json
similarity index 100%
rename from samples/CookieSample/Properties/launchSettings.json
rename to src/Security/samples/CookieSample/Properties/launchSettings.json
diff --git a/samples/CookieSample/Startup.cs b/src/Security/samples/CookieSample/Startup.cs
similarity index 100%
rename from samples/CookieSample/Startup.cs
rename to src/Security/samples/CookieSample/Startup.cs
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/src/Security/samples/CookieSessionSample/CookieSessionSample.csproj
similarity index 100%
rename from samples/CookieSessionSample/CookieSessionSample.csproj
rename to src/Security/samples/CookieSessionSample/CookieSessionSample.csproj
diff --git a/samples/CookieSessionSample/MemoryCacheTicketStore.cs b/src/Security/samples/CookieSessionSample/MemoryCacheTicketStore.cs
similarity index 100%
rename from samples/CookieSessionSample/MemoryCacheTicketStore.cs
rename to src/Security/samples/CookieSessionSample/MemoryCacheTicketStore.cs
diff --git a/samples/CookieSessionSample/Program.cs b/src/Security/samples/CookieSessionSample/Program.cs
similarity index 100%
rename from samples/CookieSessionSample/Program.cs
rename to src/Security/samples/CookieSessionSample/Program.cs
diff --git a/samples/CookieSessionSample/Properties/launchSettings.json b/src/Security/samples/CookieSessionSample/Properties/launchSettings.json
similarity index 100%
rename from samples/CookieSessionSample/Properties/launchSettings.json
rename to src/Security/samples/CookieSessionSample/Properties/launchSettings.json
diff --git a/samples/CookieSessionSample/Startup.cs b/src/Security/samples/CookieSessionSample/Startup.cs
similarity index 100%
rename from samples/CookieSessionSample/Startup.cs
rename to src/Security/samples/CookieSessionSample/Startup.cs
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/src/Security/samples/JwtBearerSample/JwtBearerSample.csproj
similarity index 100%
rename from samples/JwtBearerSample/JwtBearerSample.csproj
rename to src/Security/samples/JwtBearerSample/JwtBearerSample.csproj
diff --git a/samples/JwtBearerSample/Program.cs b/src/Security/samples/JwtBearerSample/Program.cs
similarity index 100%
rename from samples/JwtBearerSample/Program.cs
rename to src/Security/samples/JwtBearerSample/Program.cs
diff --git a/samples/JwtBearerSample/Properties/launchSettings.json b/src/Security/samples/JwtBearerSample/Properties/launchSettings.json
similarity index 100%
rename from samples/JwtBearerSample/Properties/launchSettings.json
rename to src/Security/samples/JwtBearerSample/Properties/launchSettings.json
diff --git a/samples/JwtBearerSample/Startup.cs b/src/Security/samples/JwtBearerSample/Startup.cs
similarity index 100%
rename from samples/JwtBearerSample/Startup.cs
rename to src/Security/samples/JwtBearerSample/Startup.cs
diff --git a/samples/JwtBearerSample/Todo.cs b/src/Security/samples/JwtBearerSample/Todo.cs
similarity index 100%
rename from samples/JwtBearerSample/Todo.cs
rename to src/Security/samples/JwtBearerSample/Todo.cs
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/app.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/app.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/app.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/app.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/Home.html b/src/Security/samples/JwtBearerSample/wwwroot/App/Views/Home.html
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Views/Home.html
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Views/Home.html
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html b/src/Security/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/UserData.html b/src/Security/samples/JwtBearerSample/wwwroot/App/Views/UserData.html
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Views/UserData.html
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Views/UserData.html
diff --git a/samples/JwtBearerSample/wwwroot/index.html b/src/Security/samples/JwtBearerSample/wwwroot/index.html
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/index.html
rename to src/Security/samples/JwtBearerSample/wwwroot/index.html
diff --git a/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs b/src/Security/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
rename to src/Security/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/src/Security/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
rename to src/Security/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
diff --git a/samples/OpenIdConnect.AzureAdSample/Program.cs b/src/Security/samples/OpenIdConnect.AzureAdSample/Program.cs
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/Program.cs
rename to src/Security/samples/OpenIdConnect.AzureAdSample/Program.cs
diff --git a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json b/src/Security/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
rename to src/Security/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
diff --git a/samples/OpenIdConnect.AzureAdSample/Readme.md b/src/Security/samples/OpenIdConnect.AzureAdSample/Readme.md
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/Readme.md
rename to src/Security/samples/OpenIdConnect.AzureAdSample/Readme.md
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/src/Security/samples/OpenIdConnect.AzureAdSample/Startup.cs
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/Startup.cs
rename to src/Security/samples/OpenIdConnect.AzureAdSample/Startup.cs
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/src/Security/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
similarity index 100%
rename from samples/OpenIdConnectSample/OpenIdConnectSample.csproj
rename to src/Security/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
diff --git a/samples/OpenIdConnectSample/Program.cs b/src/Security/samples/OpenIdConnectSample/Program.cs
similarity index 100%
rename from samples/OpenIdConnectSample/Program.cs
rename to src/Security/samples/OpenIdConnectSample/Program.cs
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/src/Security/samples/OpenIdConnectSample/Properties/launchSettings.json
similarity index 100%
rename from samples/OpenIdConnectSample/Properties/launchSettings.json
rename to src/Security/samples/OpenIdConnectSample/Properties/launchSettings.json
diff --git a/samples/OpenIdConnectSample/Readme.md b/src/Security/samples/OpenIdConnectSample/Readme.md
similarity index 100%
rename from samples/OpenIdConnectSample/Readme.md
rename to src/Security/samples/OpenIdConnectSample/Readme.md
diff --git a/samples/OpenIdConnectSample/Startup.cs b/src/Security/samples/OpenIdConnectSample/Startup.cs
similarity index 100%
rename from samples/OpenIdConnectSample/Startup.cs
rename to src/Security/samples/OpenIdConnectSample/Startup.cs
diff --git a/samples/OpenIdConnectSample/compiler/resources/cert.pfx b/src/Security/samples/OpenIdConnectSample/compiler/resources/cert.pfx
similarity index 100%
rename from samples/OpenIdConnectSample/compiler/resources/cert.pfx
rename to src/Security/samples/OpenIdConnectSample/compiler/resources/cert.pfx
diff --git a/samples/SocialSample/Program.cs b/src/Security/samples/SocialSample/Program.cs
similarity index 100%
rename from samples/SocialSample/Program.cs
rename to src/Security/samples/SocialSample/Program.cs
diff --git a/samples/SocialSample/Properties/launchSettings.json b/src/Security/samples/SocialSample/Properties/launchSettings.json
similarity index 100%
rename from samples/SocialSample/Properties/launchSettings.json
rename to src/Security/samples/SocialSample/Properties/launchSettings.json
diff --git a/samples/SocialSample/SocialSample.csproj b/src/Security/samples/SocialSample/SocialSample.csproj
similarity index 100%
rename from samples/SocialSample/SocialSample.csproj
rename to src/Security/samples/SocialSample/SocialSample.csproj
diff --git a/samples/SocialSample/Startup.cs b/src/Security/samples/SocialSample/Startup.cs
similarity index 100%
rename from samples/SocialSample/Startup.cs
rename to src/Security/samples/SocialSample/Startup.cs
diff --git a/samples/SocialSample/compiler/resources/cert.pfx b/src/Security/samples/SocialSample/compiler/resources/cert.pfx
similarity index 100%
rename from samples/SocialSample/compiler/resources/cert.pfx
rename to src/Security/samples/SocialSample/compiler/resources/cert.pfx
diff --git a/samples/SocialSample/web.config b/src/Security/samples/SocialSample/web.config
similarity index 100%
rename from samples/SocialSample/web.config
rename to src/Security/samples/SocialSample/web.config
diff --git a/samples/WsFedSample/Program.cs b/src/Security/samples/WsFedSample/Program.cs
similarity index 100%
rename from samples/WsFedSample/Program.cs
rename to src/Security/samples/WsFedSample/Program.cs
diff --git a/samples/WsFedSample/Properties/launchSettings.json b/src/Security/samples/WsFedSample/Properties/launchSettings.json
similarity index 100%
rename from samples/WsFedSample/Properties/launchSettings.json
rename to src/Security/samples/WsFedSample/Properties/launchSettings.json
diff --git a/samples/WsFedSample/Startup.cs b/src/Security/samples/WsFedSample/Startup.cs
similarity index 100%
rename from samples/WsFedSample/Startup.cs
rename to src/Security/samples/WsFedSample/Startup.cs
diff --git a/samples/WsFedSample/WsFedSample.csproj b/src/Security/samples/WsFedSample/WsFedSample.csproj
similarity index 100%
rename from samples/WsFedSample/WsFedSample.csproj
rename to src/Security/samples/WsFedSample/WsFedSample.csproj
diff --git a/samples/WsFedSample/compiler/resources/cert.pfx b/src/Security/samples/WsFedSample/compiler/resources/cert.pfx
similarity index 100%
rename from samples/WsFedSample/compiler/resources/cert.pfx
rename to src/Security/samples/WsFedSample/compiler/resources/cert.pfx
diff --git a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs b/src/Security/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
similarity index 100%
rename from shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
rename to src/Security/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
diff --git a/src/Directory.Build.props b/src/Security/src/Directory.Build.props
similarity index 100%
rename from src/Directory.Build.props
rename to src/Security/src/Directory.Build.props
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/AccessDeniedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/SystemClock.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationEndpointConventionBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/AuthorizationMiddleware.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Security/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
diff --git a/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authorization/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs b/src/Security/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs b/src/Security/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
diff --git a/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs b/src/Security/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
diff --git a/src/Microsoft.Owin.Security.Interop/Constants.cs b/src/Security/src/Microsoft.Owin.Security.Interop/Constants.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/Constants.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/Constants.cs
diff --git a/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs b/src/Security/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Security/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
rename to src/Security/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Security/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json b/src/Security/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/baseline.netframework.json
rename to src/Security/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
diff --git a/test/Directory.Build.props b/src/Security/test/Directory.Build.props
similarity index 100%
rename from test/Directory.Build.props
rename to src/Security/test/Directory.Build.props
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/RemoteAuthenticationTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/SharedAuthenticationTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationAppBuilderExtensionsTests.cs
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationEndpointConventionBuilderExtensionsTests.cs
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationMiddlewareTests.cs
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/TestObjects/TestAuthenticationService.cs
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs b/src/Security/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
rename to src/Security/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/src/Security/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
similarity index 100%
rename from test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
rename to src/Security/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/src/Security/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
similarity index 100%
rename from test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
rename to src/Security/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/src/Security/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
similarity index 100%
rename from test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
rename to src/Security/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/src/Security/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
similarity index 100%
rename from test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
rename to src/Security/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
diff --git a/version.props b/src/Security/version.props
similarity index 100%
rename from version.props
rename to src/Security/version.props