diff --git a/src/Microsoft.AspNet.Mvc.Core/ActionResults/ChallengeResult.cs b/src/Microsoft.AspNet.Mvc.Core/ActionResults/ChallengeResult.cs
index f785e23231..5a2aa5acfb 100644
--- a/src/Microsoft.AspNet.Mvc.Core/ActionResults/ChallengeResult.cs
+++ b/src/Microsoft.AspNet.Mvc.Core/ActionResults/ChallengeResult.cs
@@ -46,17 +46,17 @@ namespace Microsoft.AspNet.Mvc
 
         public override void ExecuteResult([NotNull] ActionContext context)
         {
-            var response = context.HttpContext.Response;
+            var auth = context.HttpContext.Authentication;
             if (AuthenticationSchemes.Count > 0)
             {
                 foreach (var scheme in AuthenticationSchemes)
                 {
-                    response.Challenge(Properties, scheme);
+                    auth.Challenge(scheme, Properties);
                 }
             }
             else
             {
-                response.Challenge(Properties);
+                auth.Challenge(Properties);
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs b/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs
index 2fdf6985a7..f16aa70610 100644
--- a/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs
+++ b/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs
@@ -38,7 +38,7 @@ namespace Microsoft.AspNet.Mvc
                 var newPrincipal = new ClaimsPrincipal();
                 foreach (var scheme in Policy.ActiveAuthenticationSchemes)
                 {
-                    var result = (await context.HttpContext.AuthenticateAsync(scheme))?.Principal;
+                    var result = (await context.HttpContext.Authentication.AuthenticateAsync(scheme))?.Principal;
                     if (result != null)
                     {
                         newPrincipal.AddIdentities(result.Identities);
diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/ActionResults/ChallengeResultTest.cs b/test/Microsoft.AspNet.Mvc.Core.Test/ActionResults/ChallengeResultTest.cs
index a4e9fe4dfb..547013ddcf 100644
--- a/test/Microsoft.AspNet.Mvc.Core.Test/ActionResults/ChallengeResultTest.cs
+++ b/test/Microsoft.AspNet.Mvc.Core.Test/ActionResults/ChallengeResultTest.cs
@@ -18,8 +18,8 @@ namespace Microsoft.AspNet.Mvc.Core.Test.ActionResults
             // Arrange
             var result = new ChallengeResult("", null);
             var httpContext = new Mock<HttpContext>();
-            var httpResponse = new Mock<HttpResponse>();
-            httpContext.Setup(o => o.Response).Returns(httpResponse.Object);
+            var auth = new Mock<AuthenticationManager>();
+            httpContext.Setup(o => o.Authentication).Returns(auth.Object);
 
             var routeData = new RouteData();
             routeData.Routers.Add(Mock.Of<IRouter>());
@@ -32,7 +32,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test.ActionResults
             result.ExecuteResult(actionContext);
 
             // Assert
-            httpResponse.Verify(c => c.Challenge(null, ""), Times.Exactly(1));
+            auth.Verify(c => c.Challenge("", null), Times.Exactly(1));
         }
 
         [Fact]
@@ -41,8 +41,8 @@ namespace Microsoft.AspNet.Mvc.Core.Test.ActionResults
             // Arrange
             var result = new ChallengeResult(new string[] { }, null);
             var httpContext = new Mock<HttpContext>();
-            var httpResponse = new Mock<HttpResponse>();
-            httpContext.Setup(o => o.Response).Returns(httpResponse.Object);
+            var auth = new Mock<AuthenticationManager>();
+            httpContext.Setup(o => o.Authentication).Returns(auth.Object);
 
             var routeData = new RouteData();
             routeData.Routers.Add(Mock.Of<IRouter>());
@@ -55,7 +55,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test.ActionResults
             result.ExecuteResult(actionContext);
 
             // Assert
-            httpResponse.Verify(c => c.Challenge((AuthenticationProperties)null), Times.Exactly(1));
+            auth.Verify(c => c.Challenge((AuthenticationProperties)null), Times.Exactly(1));
         }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs b/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
index 54dda51412..c2a2b78124 100644
--- a/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
+++ b/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
@@ -352,14 +352,16 @@ namespace Microsoft.AspNet.Mvc.Test
 
             // HttpContext
             var httpContext = new Mock<HttpContext>();
+            var auth = new Mock<AuthenticationManager>();
+            httpContext.Setup(o => o.Authentication).Returns(auth.Object);
             httpContext.SetupProperty(c => c.User);
             if (!anonymous)
             {
                 httpContext.Object.User = validUser;
             }
             httpContext.SetupGet(c => c.RequestServices).Returns(serviceProvider);
-            httpContext.Setup(c => c.AuthenticateAsync("Bearer")).ReturnsAsync(new AuthenticationResult(bearerPrincipal, new AuthenticationProperties(), new AuthenticationDescription()));
-            httpContext.Setup(c => c.AuthenticateAsync("Basic")).ReturnsAsync(new AuthenticationResult(basicPrincipal, new AuthenticationProperties(), new AuthenticationDescription()));
+            auth.Setup(c => c.AuthenticateAsync("Bearer")).ReturnsAsync(new AuthenticationResult(bearerPrincipal, new AuthenticationProperties(), new AuthenticationDescription()));
+            auth.Setup(c => c.AuthenticateAsync("Basic")).ReturnsAsync(new AuthenticationResult(basicPrincipal, new AuthenticationProperties(), new AuthenticationDescription()));
 
             // AuthorizationContext
             var actionContext = new ActionContext(